Strategic Report

Our risk management

Our growth ambition in a fast-moving and During 2019 the topics have included: Our enterprise risk management framework
innovative business environment means that adopts a mitigate/transfer/accept approach,
• many long-term industry and
we must consider risk as a central part of taking into account the potential impact on
macroeconomic risk factors (within
the definition and execution of our strategy. the ability of the Group to execute and
Board strategy meeting and committee
The Board and Executive Committee have deliver our objectives and strategy.
discussions), often alongside management’s
collaborated closely throughout 2019 to
own presentations of plans and projects;
ensure that risk assessment, mitigation Risk appetite
strategies and plans are integrated into • discussion of risks relating to longer-term IHG’s risk appetite is visible through the
broader consideration of our short-term sustainability, shifting societal nature and extent of risk taken by the Board
goals and longer-term strategic initiatives expectations, human rights and our in pursuit of strategic and other business
and key projects. evolving responsibilities across our supply objectives. We cascade this appetite through
chain (Corporate Responsibility the goals and targets we set, our Code of
The Board’s role in risk management – Committee); Conduct and other global policies, our
stewardship and partnership • emerging tax, treasury and regulatory risks, formal Delegation of Authority policy
The Board is ultimately accountable for the for example relating to privacy and data including the governance structure of
effectiveness of our risk management and protection (Audit Committee); approval committees, decisions we make
internal control systems, and is supported by • cultural, succession and retention risks and and how we allocate resources. It evolves
the Audit Committee, Executive Committee the competitiveness of director and with the IHG strategy. Our Annual Report
and delegated committees. Our regional and executive remuneration (Remuneration and and Form 20-F describes risk appetite in a
functional leaders, supported by the Risk & Nomination Committees). number of places. For example, our appetite
Assurance team, conduct strategic planning for financial risk is described in note 24 to
and business performance reviews While the Board oversees the risk the Group Financial Statements, see page
throughout the year which monitor management system to ensure that risks and 182. As a day-to-day example, decision
emerging risks – new or changing factors opportunities are appropriately identified makers in the business can refer to
which require further consideration to and managed to an acceptable level, it guidelines which articulate parameters for
determine the potential significance to our works in partnership with the Executive new hotel development deals.
business. Our governance framework and Committee and Senior Leaders to maintain
This section should be read together
committee agendas establish procedures for and, where necessary, accelerate the
with the rest of the Strategic Report,
Board members to receive information from understanding of key risk topics. This is Governance on pages 78 to 117, the going
the Executive Committee and Senior particularly relevant in relation to concern statement on page 224, and Risk
Leaders and a range of other internal and cybersecurity, where the Board have met Factors on pages 226 to 230.
external sources on emerging risks. More regularly with management outside of formal
detail on the topics covered by the Board meetings to enable a more detailed
and committees is available in the Corporate appreciation of the risks and risk
Governance section, pages 78 to 117. management strategies available to us to
manage them.

Risk management supports

decision making
Board & Committees
Our risk management and internal control
system is fully integrated with the way we
Culture,
run the business and how we create and
Values and
protect value in pursuit of our objectives.
Behaviour Executive Committee Monitoring,
Our culture, values and behaviours, see Reporting
pages 26 and 27, establish authorities, Feedback & & Assurance
capabilities and appropriate incentives for Challenge
empowered and agile decision-making
across our portfolio of risks by teams across Global Functions and Regions
IHG, supported by functional expertise.
Formal and informal monitoring, reporting
and assurance arrangements, see page 27,
enable the Board and Executive Committee Policies,
to decisions improving
to maintain ongoing oversight of key areas of procedures, optimising
applied by our made in business transparency and
systems, the way we
uncertainty and the effectiveness of our risk governance,
people planning and
manage risk
the likelihood of
management and internal control delivery strategic success.
reporting
arrangements.

46 IHG  |  Annual Report and Form 20-F 2019

IHG’s principal risks and uncertainties Our programme to realise savings for Our strategy requires us to work increasingly
Our risk profile is structurally similar to that reinvestment has led to a range of changes with partners, intermediaries and other third
of a year ago, although the context within to organisation, accountabilities and parties, and access expertise and services
which we operate is highly dynamic processes, and a wide portfolio of initiatives which enable us to anticipate and respond
reflecting the cyclical nature of our industry is in place to pursue growth opportunities. to the needs of our owners, guests and
and global macroeconomic uncertainties. colleagues, and to work efficiently and at
Our approach to risk management has
scale. Many of our risks therefore reflect the
Our discussions of risk also take place within therefore also evolved as part of our
changing nature of our extended enterprise
a context of increasing scrutiny of the organisational focus on growth and how we
and our responsibilities to our stakeholders.
impact of our business on our stakeholders, take informed decisions in a fast moving
Some of these responsibilities, particularly
and our longer-term sustainability. We have environment. The Risk and Assurance team
in relation to our stewardship of data, are
therefore split out our consideration of has continued to coordinate assessments of
subject to significant changes in law and
external factors to recognise both the risks the principal risks facing the Group,
therefore highlighted as dynamic and
relating to political and economic headwinds including those which would threaten its
demanding regular attention by senior
on our growth ambitions (for example business model, future performance,
management and the Board.
disruption in key markets and trade wars) solvency or liquidity and reputation. These
and also the requirement to anticipate and risks are formally reviewed with the Group’s We continue to conclude that the potential
respond appropriately to the risks and Directors on a bi-annual basis and impact of Brexit on IHG is not likely to have
opportunities relating to our environmental considered in more detail through the a material impact on our overall strategy or
and social responsibilities. activities of the Board and committees, operations although, as with other external
however risks are also discussed as an factors, this is considered as part of
We have also refreshed our crisis and
integral part of decision making across the operational risk management and resilience
incident management procedures during
year. In addition, focus on the behaviours planning, and a standing group reviews our
2019, with the Executive Committee and
necessary to drive growth has included preparedness for operational disruption.
many regional and functional leadership
cross-business participation in virtual The impact of a potential movement in the
teams working through training and tabletop
learning summits, including how to make value of sterling is articulated in note 24
crisis scenarios to review and practice ways
decisions at pace with the right governance of the Group Financial Statements,
of working. The Risk and Assurance team
and structure to maintain control. see pages 182 to 185.
provides support and intelligence on
emerging threats and will continue to
provide advice to management on
procedures for risk identification and
mitigation and control. We are continuing
to monitor the evolving situation relating
to Covid-19 and its impact on both our
business and the industry as a whole, and we
are working closely with relevant authorities.
The Group’s asset-light business model,
diverse brand portfolio and wide
geographical spread contribute to IHG’s
overall resilience to events that could affect
specific segmental or geographical areas.

IHG  |  Annual Report and Form 20-F 2019  |  Strategic Report  |  Risk management 47
Strategic Report

Risk management continued

Risk trend and speed of impact Principal risk – assessment of trend and speed of impact
We assess whether the risk area
Speed of potential impact
is stable or dynamic in its impact More gradual Rapid
and/or likelihood (inherent risk
trend), and the rate at which there • Channel management and technology • Cybersecurity and information governance

Dynamic
Inherent risk trend
could be a material impact on • Accelerate growth • Preferred brands and loyalty
IHG. The trend and speed of • Macro external factors • Leadership and talent
impact are summarised in the • Environmental and social mega trends • Legal, regulatory and ethical compliance
diagram with further detail on
activities to manage each of these
risks in the table below. Stable • Safety and security
• Financial management and control systems

Principal risks descriptions

Inherent risk trend Risk impact – link to our strategic priorities

 Dynamic/Rapid
  Build and leverage scale    Strengthen loyalty programme    Enhance revenue delivery

 Dynamic/Gradual
  Evolve owner proposition    Optimise our preferred portfolio of brands for owners and guests

 Stable/Rapid

Risk description Trend Impact Initiatives to manage these risks

Inherent threats to   • Effective and appropriate leveraging of data that we have a right to use is a key aspect
cybersecurity and of the interface between our marketing and our commercial and technology activity.
information governance We take account of regulatory and ethical factors as part of the decision-making
remain significant and processes in relation to marketing and technological initiatives, and we also rely on
dynamic. We are aware of our appropriate governance and control arrangements to mitigate risks that the validity of
responsibilities in relation to a data that we use is undermined by cyber-attacks or operational failures.
range of high-value assets • Our 2019 focus has been on progressing a Board-endorsed roadmap of the highest
(critical systems & guest, priority and highest-value initiatives to build and maintain core elements of our
employee and other sensitive cybersecurity posture.
data) which may be targeted
• During the year our Chief Information Security Officer has worked with teams across IHG
by various threat ‘actors’
to increase sophistication in how we identify, protect, detect, respond and recover in
(including organised
relation to cyber risks. This has involved developments in our security governance and
criminals, third parties and
risk tracking, including discussion and assessment of an approach to high-value assets
‘threat actor-employees’), and
with the Executive Committee.
rapid evolution in societal,
regulatory and media scrutiny • We have continued to drive awareness of cybersecurity risk, including an anti-phishing
of privacy arrangements mean campaign which tested corporate employees on phishing attacks. We also developed a
that the potential impact of cybersecurity incident response playbook which is aligned with wider IHG resilience and
data loss to IHG financially, incident preparation protocols.
reputationally or operationally • The nature of our operating model means that significant amounts of IHG’s confidential
remains a dynamic risk factor. information assets are also held by or shared with third-party suppliers and owners, and
we review those risks as part of our broader supply chain risk management arrangements.
• Our information security programme is supported and reviewed by internal and external
assurance activities, including our Internal Audit and SOX teams and PCI assessments.
• During 2019 we have reported regularly to the Board and the Executive Committee on the
information security roadmap using key risk indicators to track trends in risk and mitigation
initiatives. We also continue to work closely with our insurers to review the adequacy of
protection for our risks and have assessed potential cyber incident scenarios, including
quantification of value at risk, to better aid in risk-based discussions on remediation
investment against risk acceptance and available risk transfer opportunities.

48 IHG  |  Annual Report and Form 20-F 2019

Risk description Trend Impact Initiatives to manage these risks

Failure to deliver preferred   • To enable our growth ambitions, we need to continuously strengthen our portfolio of
brands and loyalty could brands to build an industry-leading offer which delivers leading-edge guest preference,
impact our competitive and competitive owner returns. For a description of our brands and brand initiatives see
positioning, our growth pages 14 to 17, and page 23.
ambitions and our reputation • We are building the underlying capabilities to achieve our vision by: strengthening our
with guests and owners. new brand development; enhancing our marketing capability; refining our brand
Competitor and intermediation portfolio strategy; building improved data analytics capabilities; and scaling the
activity creates inherent risks production and efficiency of our global marketing assets.
and opportunities for the
• During 2019, our Global Marketing team has continued to evolve an operating framework
hospitality industry and is
to provide additional clarity and alignment on prioritisation and focus areas. We have
relevant to the longer-term
also implemented changes to several ways of working between our global functions and
value of IHG’s franchised/
regional operations teams to drive commercial performance, supported by learning
managed proposition and our
events and engagement sessions.
ability to deliver returns to
current and potential owners • We are also executing a loyalty roadmap that includes tactical improvements to drive
of our various brands. short-term performance and foundational levers to enable a longer-term step change to
improve member benefits, owner economics and programme technology. See page 20
for more details on our 2019 initiatives.

In a fast growth environment,   • Our approach to managing our people is outlined in detail on pages 28 to 31 and our
it is essential that we attract, annual business planning process includes a review of workforce risks. We consider
develop and retain leadership workforce risks when designing business initiatives and we regularly review talent and
and talent and failure to do succession across the organisation. Our Human Resources team partners across IHG,
this could impact our ability to and performs regular reviews including in relation to the diversity of our talent and
achieve growth ambitions and competitiveness of our compensation and benefits plan.
execute effectively. Our • IHG has the ability to manage the risk directly in relation to IHG employees but relies on
people are essential to owners and third-party suppliers to manage the risk in related activities. Our Procurement,
delivering our objectives, and Legal and Risk teams also consider more indirect workforce risks relating to our third-
our ability to develop talent is party relationships.
a key way we can deliver value
• During 2019, we have continued to refine and streamline our performance management
to our existing and potential
systems and embed a common set of leadership behaviours across IHG through
owners of both managed and
employee participation in various virtual learning summits.
franchised hotels. It is also
essential that we retain key • Several policies supporting our Code of Conduct (for example our Human Rights Policy
executive talent, both at the which is reviewed annually) relate to the management of our people, describing our
corporate and hotel levels, in intolerance for inappropriate behaviours, and appropriate adherence to those helps
the face of attractive roles and manage our risk.
competitive rewards available • As our business expands through mergers and acquisition, we also undertake due
in the global markets where diligence prior to transactions, and as part of integration activities, to evaluate and adapt
we operate and compete. relevant people practices.

IHG  |  Annual Report and Form 20-F 2019  |  Strategic Report  |  Risk management 49
Strategic Report

Risk management continued

Risk description Trend Impact Initiatives to manage these risks

The global business regulatory   • Our global Ethics and Compliance team (E&C team) are focused on ensuring IHG has a
and contractual environment globally coordinated approach to material ethical and compliance risks, taking into account
and societal expectations the regulatory environment, stakeholder expectations and IHG’s commitment to a culture
continue to evolve. Failure to of responsible business.
ensure legal, regulatory and • The overarching framework for Ethics and Compliance is the IHG Code of Conduct (Code),
ethical compliance would (see pages 26 and 27). In addition to the Code, the E&C team manage the global
impact IHG operationally and compliance programmes for Anti-Bribery and Corruption, Antitrust/Competition Law,
reputationally. Regulators are Sanctions and Human Rights.
moving to impose significant
• A number of processes and initiatives are used by the E&C team to manage ethical and
fines for non-compliance, most
compliance risks. For example, IHG is a member of Transparency International UK’s
notably in relation to privacy
Business Integrity Forum and participates in its annual Corporate Anti-Corruption
obligations and data security,
Benchmark. The findings from the Benchmark assessment are utilised predominantly
and there is increasing
by the E&C team to identify improvements to the design of the IHG Anti-Bribery and
attention on environmental,
Corruption programme.
social and governance matters
(for example relating to • The E&C team are also responsible for, and have oversight of, the owner legal due diligence
consumer protection, human process. This is designed to ensure that risk-based due diligence is carried out on third-
rights including modern parties with whom IHG enters into hotel relationships. This includes sanctions monitoring,
slavery, human trafficking and third-party screening and internal communications – for example, an annual update is
labour laws, and financial communicated to the Legal, Development and Strategy teams and other relevant
crime) from a range of external colleagues providing a reminder of ‘No Go’ countries and sanctions issues that may
stakeholders such as corporate restrict IHG.
sales clients, investors and • The E&C team currently monitor training completions, gifts & entertainment reporting and
NGOs. With trading headwinds owner due diligence escalations. These areas help demonstrate whether the design of the
in some markets, increased Ethics & Compliance framework and core processes of the underlying programmes are
pressure can be placed on operating effectively. The E&C team monitor activity of the Confidential Disclosure Channel
compliance programmes, and and have regular discussions with regional Legal teams to help identify emerging issues.
a heightened risk of liabilities In addition, the E&C team receive informal queries/escalation of issues via an Ethics and
relating to our franchise model Compliance email channel, which is publicised in training and awareness materials, and
both in relation to brand directly from employees, for example in face-to-face training sessions.
reputation issues as well • The Board receives regular reports on the Confidential Reporting Channel and matters
as litigation. directly related to our responsible business agenda.

Failure to capitalise on • Our comprehensive channels strategy is a key driver and enabler of accelerated growth.
innovation in booking We continue to seek opportunities to align and innovate our channels and technology
technology and to maintain platforms (see page 21). Our IHG Concerto™ platform is operating at all IHG hotels, and
and enhance the functionality we are continuing to add more capabilities to the platform to enhance revenue delivery.
and resilience of our channel • Our Guest Reservation System (GRS) is hosted by a third-party vendor, Amadeus,
management and technology in the cloud and supported by infrastructure which serves to decrease the likelihood
platforms (including those of of downtime. Availability of GRS and other key systems continues to be monitored on
third-parties on which we rely a 24/7 basis by the Network Operations Centre. Metrics are regularly reported to
directly or indirectly), and to Commercial and Technology leaders so they can monitor performance.
respond to changing guest
• As our industry evolves, and with our acquisition of new brands, we have continued to
and owner needs remains a
review the capabilities of our systems in relation to market trends and expectations.
dynamic risk to IHG’s revenues
and growth ambitions. The • In 2019, we also introduced regional revenue forums to focus on forecasting future
pace of change in the business and determining integrated commercial plans to address challenges.
hospitality industry continues
to accelerate and IHG must
evolve to effectively grow and
compete in the marketplace.
Technology is crucial to our
strategy as we face increasing
competition from both existing
and new players in the travel
space.

50 IHG  |  Annual Report and Form 20-F 2019

Risk description Trend Impact Initiatives to manage these risks

IHG’s continuing agenda to • The progress of our Group-wide efficiency programme has been tracked by the Board
accelerate growth gives rise and Executive Committee, and the majority of our centrally driven transformation
to inherent risks, for example activity has now transitioned to Senior Leaders.
as we transition systems, • Following the changes to our organisational structure in 2018, in 2019 we conducted
operating models and corporate-wide virtual learning summits and we maintain a central digital hub for
processes. The potential process and learning materials to enable our employees to find details about processes,
exists to impact commercial learning content and key process owners.
performance and financial
• Our focus on accelerating growth has included review of risks relating to offshoring and
loss, and undermine
outsourcing by Senior Leaders and the Board. Our Strategic Supplier Management
stakeholder confidence.
Office has been established to manage existing critical supplier relationships as well as
As we move towards larger,
new outsourcing and/or business-critical relationships driving our strategic objectives.
more strategic outsourcing
Our legal teams review contracts and provide advice on litigation, where required,
relationships for business-
and our insurance programme also provides a degree of protection in the event of
critical services, inherent risk
supplier failure.
levels are also raised.
• Oversight teams, including our finance experts, have evolved governance and control
frameworks and we also regularly review delegated approval authorities and processes
to enable decisions on investments to be made quickly and efficiently with consideration
of the risks involved. HR Business Partners continue to work with Senior Leaders to
identify and retain key individuals across the business, and succession planning
practices are in place to ensure continuity of key initiatives and business operations.
• During 2019 we reviewed our financial governance and controls relating to the integration
of our acquisitions. For example, the integration of Six Senses into IHG’s financial control
environment has been overseen by a dedicated governance committee.
• We have an established approach to System Development Lifecycle, and specific risks
to delivery of the Global Reservations System have been managed throughout the
programme of implementation (including those relating to technical delivery, business
process testing and operation readiness testing).

Macro external factors such • While these factors are mostly outside our direct control, we track uncertainties which
as political and economic may impact the hospitality industry and which need to be considered in our strategic
disruption, the emerging risk and financial planning. These types of risks are addressed in strategic review, including
of infectious diseases, actual our market participation choices, particularly in emerging and key growth markets.
or threatened acts of terrorism • During 2019, many leadership teams have used formal and informal scenario planning
or war, natural or man-made to anticipate the potential impact of these risks. The Board and Executive Committee
disasters could have an impact receive regular updates on these types of factors from both operational and subject
on our ability to perform and matter experts so that possible implications for IHG can be considered.
grow. Heightening of macro-
• Our in-house threat intelligence capability, supplemented by third-party expertise and
economic tensions could lead
methodology, supports development, hotel operations and customer-facing sales teams
to a downturn impacting our
with planning and response to macro factors, for example concerns relating to terrorism,
ability to grow.
extreme weather events, or infectious diseases such as Covid-19. We are also
increasingly able to complement more traditional sources with digital intelligence to
anticipate potential impacts on IHG’s interests.

IHG  |  Annual Report and Form 20-F 2019  |  Strategic Report  |  Risk management 51
Strategic Report

Risk management continued

Risk description Trend Impact Initiatives to manage these risks

As a global business, we are • During 2019, our Corporate Responsibility team worked collaboratively with teams
conscious of greater focus across IHG (including Human Resources, Business Reputation and Responsibility and
from a wider range of Procurement) to consider the broader environmental and social risks associated with our
stakeholders on business. These risks and opportunities are considered as an integral part of Board
environmental and social strategy discussions in relation to our commitment to responsible business. In 2019, this
mega-trends. These include culminated with the approval of a science-based target relating to carbon reduction.
regulators and investor groups • As part of our responsible business strategy refresh work, we are also working with
(such as the Task Force on third-party experts to develop our responsible business targets for post 2020 and have
Climate-related Financial made a formal commitment to implement the recommendations of the TCFD. In 2020
Disclosures (TCFD), and we will be developing a disclosure roadmap for the coming years. More broadly we
emerging risks presented by recognise that continued collaboration across the wider industry is required to
climate change which have the collectively combat climate change. We are taking an active role in this via our
potential to impact membership and active participation in several industry bodies, including the
performance and growth in International Tourism Partnership (ITP) and the World Travel and Tourism Council (WTTC).
key markets.
• Our values and behaviours, underpinned by our Code of Conduct, inform our decision-
making at all levels. For example, specific elements of our Code of Conduct define
expectations for IHG employees in relation to human rights and the environment. Our
Supplier Code of Conduct and Human Rights Policy have been updated during 2019 and
our Procurement, Legal and Risk teams monitor supply chain and human rights risks, see
pages 26 and 27.

Failure to maintain an effective   • The environment in which IHG develops and operates hotels continues to evolve and
safety and security system impacts the safety and security risks faced by IHG. These risks are assessed as stable
and to respond appropriately overall, but our approach is reviewed continuously to ensure that it remains fit for
in the event of disruption or purpose, and able to anticipate and respond to the risk of an incident damaging the
incidents affecting our Group’s reputation.
operations more broadly could • Our design and engineering, hotel opening and operations teams work together with
result in an adverse impact to our risk management experts to evaluate standards and develop capability to respond to
IHG, such as reputational and/ an incident via training, intelligence tracking and standard operating procedures, and
or financial damage and also deploy crisis management procedures where required for less predictable events.
undermining confidence from
• For example, the risks of epidemics such as Covid-19, earthquakes and extreme weather
our colleagues, guests, major
events continue to pose a threat to IHG’s operations, and are managed through refresher
sales accounts and wider
training, advanced monitoring and warning and standard operating procedures.
stakeholders. This risk relates
both to our direct operations • In relation to geopolitical and terrorism risks, we deploy external industry benchmarking
in hotels and other locations to allocate all pipeline and operational hotels a threat category. The category definitions
where we have management are designed to guide hotels to make their own risk-based decisions on how to mitigate
responsibility, and also to local security threats. Categories are reviewed regularly to adjust to the dynamic threat
outsourced activities and environment in which IHG develops and operates hotels.
others with whom we • We continue to monitor UK Government and Local Authority investigations into the
collaborate and trade, Grenfell tragedy. We will review our own fire and safety requirements once any changes
including the owners of our and/or recommendations to building regulations and best practice are published, and
franchised hotels which will work with owners and operators of IHG branded hotels to provide appropriate
operate as independent support and guidance.
businesses. • IHG has also created a toolkit and resources for hotels to use to provide guests with
menu allergen information, making it easier for them to identify ingredients they
need to avoid.

52 IHG  |  Annual Report and Form 20-F 2019

Risk description Trend Impact Initiatives to manage these risks

A material breakdown in   • We continue to operate an established set of processes across our financial control
financial management and systems, which is verified through testing relating to our Sarbanes-Oxley compliance
control systems would lead responsibilities. See pages 73 and 160 to 163 for details of our approach to taxation,
to increased public scrutiny, page 73 for details of our approach to internal financial control, and pages 182 to 185 for
regulatory investigation and specific details on financial risk management policies. These processes and our financial
litigation. This risk includes planning continue to evolve to reflect the changes in our management structure and
our ongoing (and stable) business targets.
operational risks relating to • To mitigate risks from adoption of the new accounting standard, IFRS 16 ‘Leases’,
our financial management existing controls were modified and new controls added. Controls are revisited at least
and control systems; the once a year for modification or addition.
continuing expectations of
• As our hotel estate evolves and grows, we also adapt our approach to financial control.
IHG’s management decision
Given the differences in the culture and ways of working across our regions, we apply
making and financial
globally and/or regionally consistent policies and procedures to manage the risks, such
judgements, in response
as fraud and reporting risks, wherever possible.
to evolving accounting
standards, which have added • Our Group insurance programmes are also maintained to support financial stability.
complexity to our control
responsibilities; and our own
business model and
transactions.

IHG  |  Annual Report and Form 20-F 2019  |  Strategic Report  |  Risk management 53