Operational risk management – why it is a non-negotiable for the apparel industry

December 29, 2020

Effective operational risk management is an imperative for the apparel industry, being relevant during times of growth and expansion as well as amidst downturns and periods of uncertainty. This is because operational risks arise largely from human error, mismanagement and poor judgement which require the continuous improvement of a business’s systems and processes to minimise.  

We developed this guide to help apparel industry companies of all sizes think through where they are exposed to operational risk and develop approaches to its management.

What is operational risk?

You can think of operational risk as a potential loss due to a breakdown or failure of your internal processes. The range of these risks stem from human decision making about how an organisation should function and conduct its business as well as manage its relations with partners and stakeholders. In this way an organisation’s policies and procedures matter as much as its values and ethics. 

The types of operational risk

To show why the presence of effective internal processes and oversight is important, let’s look at the areas where operational risks often emerge:

  • Internal fraud describes an employee engaging in activities like tax evasion, embezzlement, paying bribes and giving kickbacks, colluding with trade counterparties and the misappropriation of assets. 
  • External fraud is when an organisation encounters damages from physical or digital theft, hacking, forgeries and related forms of trespass from external parties.
  • Unfair employment practices are the risks associated with discrimination in the hiring and firing process, paying exploitative wages and providing insufficient worker’s compensation insurance. 
  • Poor working conditions are the risks associated with inadequate employee health and safety measures, including around training and education, safety auditing and protection from harassment. 
  • Improper business practices are when the people of an organisation engage in antitrust behaviour, collusion, market manipulation, improper trade activity and breaches of fiduciary responsibility. 
  • Insufficient quality control is a risk area that can result in product defects and cause recalls and harm to end users.
  • Damage to physical assets describes when an organisation incurs losses due to events like natural disasters or acts of terrorism and vandalism.
  • Systems failures are the risks associated with the breakdown of an organisation’s hardware and software systems.
  • Poor execution and process management are the risks stemming from negligence in compliance reporting, data entry, accounting and asset management. 

Managing against operational risk

As you can see from the above list, there are many areas of business operations where risks can materialise, making their active management a necessary business priority. The first step is to recognise that operational risks arise from the way things are done in your business – whether or not policies are adhered to, processes are properly implemented, procedures are followed, codes of conduct are embraced, and so on.

This has given rise to the role of auditing for risk identification. A regular audit of your business functions and teams is key to discovering where risks exist and discerning the right measures to prevent or mitigate them. Although the process may sound arduous or expensive, it can be straightforward. A good starting point is to decide whether you will conduct the audit in-house or outsource some or all of it. 

The benefits of in-house auditing vs outsourcing

In-house auditing benefits from a more intimate knowledge of your business culture and processes, greater alignment with the expectations of your management team, better after-audit monitoring of the recommendations and more time to carry out the audit. On the flip side, it can suffer from the high cost of salaried internal auditors, a greater risk of conflict of interest due to loyalties between the internal auditor and their colleagues, and a reluctance to report negative findings. Outsourcing is advantageous when you need broad experience or very specific knowledge and skills, are working within an urgent timeline and require assurance of objectivity. It may not be the best option due to a lack of control over costs, minimal after-audit monitoring, and ineffectiveness due to the risk of employees withholding sensitive material.”

The costs of auditing can vary widely. To keep costs under control, it is important to understand your needs and develop a budget that accurately reflects them. This will ensure you only hire or outsource for what you need. Another consideration is the frequency of your audits. If you plan to conduct them often, it may be more cost-effective to hire an internal auditor. If only once or twice a year, outsourcing the service is likely the more economical option. 

Getting started in operational risk management

For an idea of how to go about auditing for operational risks, one approach is to create an assessment matrix which ranks the risks pertinent to your business according to their severity and likelihood. For example, the severity range could go from insignificant to catastrophic and the likelihood range from negligible to probable (source). This provides a framework for reviewing your business against the types of operational risks outlined above as well as determining where risks lie in terms of priority and the right response should they materialise. 

Knowing your risk appetite - your response to risks, either before they occur or as they materialise, is determined by your risk appetite. There are four categories of responses to be aware of:

Accepting the risk - if you identify an insignificant risk with a negligible likelihood of occurrence, it is unlikely you will expend much effort in its mitigation. This is a risk you would be willing to accept.

Transferring or sharing the risk – if you identify a risk that would be particularly damaging if it materialised, you may transfer the risk to another party. A relevant example from the impact of COVID-19 on the industry would be suppliers purchasing insurance to guarantee payment in the event of an order cancellation. Another option is to share the risk, say, by spreading the cost of its materialisation across a few business partners. 

Reducing the risk – if you identify a risk that is both significant and probable, but which also has an obvious solution, you may choose to reduce the risk. For example, your factory equipment is aging and showing signs of malfunction; it would be cheaper in the long-run to replace it early than to take action only after it causes harm. 

Avoiding the risk – say during your operational risk audit you realise you are or could be exposed to risks that are at odds with the interests of your company. Avoidance is not engaging in the course of action that would lead to the risks materialising. This is most often accomplished by policy announcements or procedural adjustments. 

Adopting ESG for better operational risk management 

Operational risk management can also be approached through the lens of business ethics and frameworks like Environmental, Social, Governance (ESG). For example, better manufacturing compliance can be accomplished by setting ESG-related standards for your supply chain – no child labour, humane working conditions, a low environmental footprint, and so on. Such standards work to minimise operational risks by holding accountable the human actors responsible for meeting them. 

The business value of adopting ESG values also extends to credential building for suppliers. Because apparel buyers often ask for certifications and audits of various kinds before doing business with a supplier, having a strong ESG score can help these organisations win more business and cultivate a reputation for excellence. In this way good business practices are like compound interest: the long-term value is surprisingly attractive. 

If you’re interested in learning more about risk management and other topics related to the apparel industry, registered companies can join Serai today. Click join, submit some basic information about your company and get started.
If you’re interested to learn about the different types of risk solutions we offer together with Coface, Dun & Bradstreet, and Euler Hermes, click here

Sign up for Serai

Join Free