CMP Series

Rethinking Risk

Risk-management plans tend to focus narrowly on catastrophic possibilities and to approach risk strictly as a negative proposition. But each new element you introduce into your meeting represents a calculated risk - and sometimes the payoff is positive.

RiskCarol Fox likes to share an anecdote to help put the concept of risk into context. Before joining RIMS, the Risk Management Society, where she now serves as director of strategic and enterprise practice, she worked for a company with a number of call centers along the Florida coastline. Each year, Fox told Convene, the company made contingency plans for the hurricane season — “a lot of preparation similar to what meeting planners would do,” she said, “in terms of emergency response and continuity.”

One year, seven or eight of the company’s contact centers were affected by four hurricanes that hit the Florida coast over a six-week period. Fox and her team “didn’t miss a beat,” she said. “We were pretty proud of that.” During that time, while on a plane to New York, making small talk with a fellow passenger, Fox mentioned her company’s hurricane preparedness and response. Her seatmate, she recalled, said, “Oh, hurricanes. We love hurricanes!”

Fox was stunned until she learned that he worked for Shop-Vac, the wet-dry vacuum company. “Our sales go up even with the threat of hurricanes,” he told her. So while she was looking at risk — in this case, the threat of hurricanes — strictly in a negative way, for him, it had a positive financial outcome. The conversation showed Fox, who has since earned the Associate in Risk Management (ARM) designation, that “it really is about your perception of what risk is,” and that risk can be utilized as a way to “create value and not just protect an organization.”


The way meeting professionals perceive risk was the topic that Linda Robson, Ph.D., chose to explore for her dissertation several years ago. Robson, now an assistant professor at the Endicott College School of Hospitality Management in Beverly, Mass., had logged 20 years as an event planner, and after Sept. 11 had noticed an increased urgency to create risk-management plans for events. But she couldn’t find anything more than what she calls “reactive” emergency plans for dealing with catastrophes, natural disasters, and terrorist attacks. For those kinds of crisis situations, Robson said, cities and venues already have their own policies and procedures in place, and she couldn’t help thinking that “there is really more that we as event professionals have to develop” in terms of risk planning.

Robson’s research into risk management turned up “this rough idea that we have to identify risks, then assess them, then manage them,” she said. “But even that information was kind of sketchy.” She couldn’t find a risk model that applied specifically to meetings and other live events. “As part of my doctoral research, I interviewed eight different event planners and asked them to define risk,” she said. “We did three rounds of interviews to come up with a definition. Their feeling was that risk in terms of events is never positive. The risk itself is negative. We are a risk-averse industry. It’s different than when you look at it from a business perspective. Somebody with a business background is looking at risk as a possibility of an opportunity — if I take this risk, I might make money. We don’t take risks in the events industry; in terms of the actual event itself, we don’t want a risk.”

Carol Fox
Carol Fox

If other businesses take a more multifaceted view of risk, imagine how RIMS, the society for risk-management professionals, sees it. “We think about risk differently,” Fox said. “We think about risk as an uncertain future outcome that can either improve or worsen your position.” When Stuart Ruff, CMP, joined RIMS as director of meetings and events in October 2012, he figured — as an experienced meeting planner — that he had a handle on risk as it related to events. But it wasn’t long before he saw “a different light” on how to apply risk-management principles to meetings. “Risk management isn’t just crisis management,” he said. “I think a mistake a lot of meeting planners make is they have some formulaic crisis plan.”

At RIMS, Ruff considers each aspect of an event in terms of risk “appetite.” RIMS has “a certain appetite for how much financial risk we are willing to take with a new initiative or event,” he said. “It could be [something like] a technology upgrade. It’s not just about thinking about what we’re going to do if there’s an earthquake or terrorist attack. It’s really analyzing every aspect of the event and the risks that are there. Every new expense is a risk. Every new vendor is a risk. Everything presents a risk. It’s a very serious job working for a place like this to appropriately analyze these risks and determine if the risk is worth the potential reward or if the potential negative aspect will outweigh the positive.”

While all meeting professionals recognize at some level that every initiative or change involves risk, “the way we approach it is probably more serious,” Ruff said, requiring deeper analysis, cost breakdown, and proper documentation. In fact, he likens risk management to the Strategic Meetings Management Program (SMMP) initiative for the meetings industry — an enterprise-wide discipline that touches every single department. For example, “talent risk” involves HR, while “reputation risk” would be a function of marketing and communications. “Every decision you make working for an organization like RIMS,” he said, you begin to see as having an associated risk. Host-destination and keynote-speaker choices are examined in terms of whether they’re too risky — or not risky enough. “We have to take calculated risks,” Ruff said, “to improve what we’re offering and our member-approval ratings, and [to] retain our conference attendees.”

All meeting planners share the goal of “trying to make our meetings successful,” he said, “but a lot of meeting planners are very risk-averse. They’re too cautious and they get too comfortable in their comfort zones. You can’t do that in this business anymore. Staying in your comfort zone and not taking calculated risks is definitely potentially setting yourself up for failure.”


RIMS is evolving as an organization and in the way it puts on its meetings, “just like any other society,” Ruff said. For example, RIMS is “doing a deep dive” into hybrid events this year. “One of the things we did with our ERM [Enterprise Risk Management] conference last year is that we invested — risked — some capital in order to do online streaming for two of our sessions,” Fox said. “They were very successful. We attracted 200 additional people that created a buzz about the conference — and a number of them were not RIMS members.”

Before launching the hybrid initiative, RIMS evaluated it in terms of the organization’s tolerance for risk. “There is a range that we will tolerate,” Fox said. “Those become our boundaries in how we look at initiatives. We do look at the intangible — and it’s not just the meetings and events, it’s across our whole portfolio. But we do look at new events, whether they could bring tangible and intangible benefits. Even if [the initiative may not produce] a revenue stream, we may find that the other benefits might be worthwhile in expanding our mission, and we may move forward with it. And then we look at the risk associated with it at that point. We go through a specific decision tree in order to get to [the decision of whether] we pursue this or not.”

What we aim to do with risk management is to show due diligence to create a safe and secure environment as much as we can.

Robson also encourages meeting professionals to develop a framework they can use to evaluate the risk level of each element of an event. Moving into the part of the plan that deals with the on-site safety of attendees, Robson said, planners should take into account “all of the things that we can do to create a safe and secure environment. I always stress that there is no such thing as a risk-free environment. We can’t make an environment risk-free, because we have people there and people are unpredictable. What we aim to do with risk management is to show due diligence to create a safe and secure environment as much as we can, [but] there are going to be things that happen that are beyond our control and they are beyond our imagining. What we want to do is be as thoughtful and diligent as we can pre-event, so that when something happens on site we can deal with it.”

Robson recommends that planners identify risks and use assessment models from other fields, such as insurance and criminal justice. “There are a variety of different types of risk-assessment models that you can use,” she said. “You can assign risks in terms of probability and consequence. We go to weather reports, for instance, and we look up the history of the weather in an area so that we can be more confident in our assessment of whether or not weather is going to be a risk [during a meeting] or what type of a risk it’s going to be.”

Risks can be grouped together under categories, such as people, property, operations, legal, and ethical. After an assessment of risk level — high, medium, low — you would employ one of four strategies: avoid, retain, accept, or transfer. “Action plans are generally developed in such a way that they can apply to more than one type of risk manifesting [itself],” Robson said. “It’s all of the proactive pieces that you [put in place]. So if you’ve created an action plan for a medical emergency, it will apply to any type of physical injury. It’s the same process you would go through whether somebody had a heart attack or if they twisted an ankle.”


Lastly, if your risk-management plan is not well documented and well communicated, then “it doesn’t matter how good it is,” Rob-son said. “If a risk manifests itself and something goes wrong [at your meeting] and you’re sued and you’re in a court of law, you [have to be able to] demonstrate due diligence. That’ s not necessarily to say that you’re not responsible, but at the very least it offers you and your organization and the event some protection.”

An action plan has to include “something called ‘triggers,’ which are your indication that the risk is about to manifest itself,” Robson said. “Triggers are ways to either then be able to mitigate the risk before it manifests or to give you an early warning that it’s going to happen and you’re going to have to implement that action plan. It gives you that early warning system. The thing that I stress is that we have to have documentation. Event professionals are notoriously horrible at writing things down.” For much of the action plan, Robson said, checklists “are the way to go.”

From Robson’s research and experience has come the realization that among the biggest risks to any event are planners themselves. “We’re probably one of the biggest risks to the event that there is because, again, we’re horrible at writing stuff down,” she said. “And so, great, we’ve got this fantastic risk-management plan” — but it all resides with one person. And that’s too big a liability.

The challenge with developing a successful risk-management plan is “to be as inclusive” as possible. “What we tend to do is, we know what types of events we’ve done in the past, and so we tend to fall into a box of, okay, these are the risks,” Robson said. “We want to try to expand that thinking, and to pull ourselves out of our comfort zone and out of our comfort framework of thinking.”

Test Time

Earn one hour of CEU credit. Once you finish reading this CMP Series article, read the following material:

To earn CEU credit, visit to answer questions about information contained in this CMP Series article and the additional material.

The Certified Meeting Professional (CMP) is a registered trademark of the Convention Industry Council (CIC).

Michelle Russell

Michelle Russell is editor in chief of Convene.