GLOBAL ONE HOTEL GROUP, INC.

RISK MANAGEMENT SYSTEM

GLOBAL ONE HOTEL GROUP, INC. (“GOHGI” or the “Corporation”) faces a number of known and unknown risks in different forms and varieties. To ensure its stability and sustain its corporate value, the company continually assesses these various risks to prioritize and appropriately manage the corresponding mitigation measures. 

The Board’s commitment to risk management is strongly demonstrated by the Board Risk Oversight Committee’s (ROC) close monitoring of GOHGI’s risks and the implementation of the corresponding mitigation strategies. The Committee oversees the enterprise risk management framework that employs a comprehensive and integrated approach to risk management process of identifying, assessing, monitoring, and managing risks in business activities. The Corporation’s risk management structure is built around three main components: governance, people, and processes. 

Enterprise Risk Management (ERM) is headed by the Chief Risk Officer (CRO), who is responsible for analyzing and mitigating risks that could impede the achievement of the organization’s goals. The CRO leads the formulation of risk management policies, methodologies, and metrics in alignment with the overall business strategy. In a dynamic business environment, the CRO proactively manages the risks to address the impact brought by the change in the organization’s operating requirements. Alongside risk strategies implementation, the CRO ensures that the risk-aware culture is maintained by facilitating across-the-board learning programs, benchmarking and promoting best practices.

At the management level, a Risk Steering Committee facilitates an open and transparent interaction and communication among the heads of different departments and strategic business units in defining aspects related to the identification, analysis, evaluation, and treatment of strategic, operational, and project risks the business is exposed to. The department heads are responsible for managing the operational risks, ensuring that mitigation strategies are implemented and internal controls are effective. The committee meets every quarter to assess the effectiveness of the risk mitigation strategies for identified risks and potential shifts in the operating environment that give rise to new risks.

The Risk Oversight Committee (ROC) shall meet quarterly where the CRO presents the status of risk management, risk mitigation plans, emerging risks, and other risk related topics that can potentially affect the business operations.

Key Enterprise Risks

The Corporation is cognizant of the present operational risks within its hotel infrastructures. While operational risks may be similar, the differences are apparent in its intensity and impact. Operational risks in this context include service delays, employee performance, inefficiencies, quality concerns, and the like. The Corporation endeavors to limit the impact of these risks by going through the risk management exercise of identifying, assessing, planning, implementing mitigation strategies, and monitoring the outcome. The performance of the exercise is reiterative as it is expected that new and relevant risks will emerge. 

The Board consistently emphasizes the importance of compliance with regulatory laws and regulations for continuous and smooth business operations. It also urges teams and departments to keep abreast of the latest updates and changes in laws and regulations to ensure that the organization can comply on time. The Compliance team and the relevant departments keep a close monitoring on any new or change in laws and regulations for both local and national, particularly related to hotel operations. Moreover, awareness of laws and regulations is promoted through various channels such as awareness sessions, email blasts, internal memos, and focus group discussions.  

The Corporation’s financial risks specifically revolve around internal fraud (e.g., employee defalcation or cash skimming) and external fraud. To effectively manage hotel cash risk, the Corporation enacts a stringent system of internal controls, chiefly implementing segregation of duties so no single person controls an entire cash transaction, from receipt to bank deposit. Procedural and administrative safeguards, combined with routine spot audits and comprehensive employee fraud training, are essential to mitigating the legal and financial exposure from asset misappropriation and maintaining financial integrity. 

The organizational risk context is mainly on organizational structure and culture. With the fast-paced and fast-growth environment of the Corporation, keeping and attracting the right talents are key to the consistent performance and delivery of commitments. Strategies, policies, and procedures are in place to manage this risk, and these are regularly reviewed for continuous improvement. Setting clear policies and procedures creates a culture of clarity, transparency, and empowerment among leaders and team members.

The Corporation prioritizes safety and security and always considers the environmental implications of its projects in all locations. The company has a Safety team that conducts safety and security audits in all its properties. This gives the Company assurance that risks are identified and adequately mitigated, and where areas for improvement are identified, appropriate actions are taken. 

A Business Continuity Team has been established along with a Disaster Risk Reduction and Management Policy and procedures to ensure that the organization is ready to respond to any environmental eventualities. As a risk mitigation strategy, the Corporation partners with insurance companies for insurance coverage of all properties. To ensure appropriate insurance coverage, a risk assessment is conducted and considered in the insurance policy of each property.

Incorporating digital innovations into risk management processes enables the Corporation to enhance responsiveness in the face of rapidly evolving threats and challenges. Through advanced data analytics and the implementation of the Digitalization Strategic Roadmap, the Corporation aims to automate manual transactions, enabling real-time reporting to enhance the Company's efficiency. Furthermore, digital solutions streamline risk management workflows, improving efficiency and reducing human error. 

As the Corporation embraces digital transformation as a long-term business strategy, it recognizes its increasing reliance on cloud services providers (CSPs), online tools and applications, gadgets andother technology tools in the conduct of business. Conscious of technology benefits and risks, Corporation formed an Information Security Management (ISM) Team and appointed a Data Protection Officer (DPO) to safeguard its information assets through appropriate risk assessment and mitigation planning. 

The ISM Team, led by the DPO, performs security risk assessments, promotes information security practices, develops information security policies and procedures, and conducts training or learning sessions periodically. It works closely with ERM to align mitigation plans considering the inter-relationship of risks and mitigation requirements. The information security manager, together with the CRO, reports to the Risk Oversight Committee on the status of information security management initiatives and updates, including emerging risks that may significantly impact the company’s systems and processes. 

The Corporation’s goal of a risk-aware culture is a continual effort as new members join the company from time to time. Existing risks evolve as the business continues to grow, demanding attention and new mitigation strategies. On the other hand, the company is on the lookout for emerging risks that might appear irrelevant at the onset but could eventually become a significant factor in major business decisions.