Wärtsilä, like any other company, is exposed to various risks through the normal course of its activities. No business can be conducted without accepting a certain level of risk, and any expected gains from business activities are to be assessed against the involved risks.
The purpose of risk management is to ensure that Wärtsilä is able to effectively execute its strategies and reach its targets, in the short-term as well as over the long run. The key is to identify the risks that have the potential to restrain the company from reaching its goals and to determine whether such risks are at an acceptable level.
By definition, risk is the effect of uncertainty on objectives. An effect is a deviation from the expected, positive or negative; in other words, either a threat or an opportunity. Actions need to be taken to avoid, mitigate, transfer, or monitor identified risks, or to capture and utilise the opportunities. Wärtsilä’s structured risk management process offers a set of reactive, proactive, protective, and preventive tools that are used not only to protect the company against threats, but also to turn some of the risks into opportunities.
Risks can only be managed if they are identified and understood in advance, if risk treatment plans for managing them are made, and if a process of continuous follow-up is in place for the related controls. Therefore, risk management is a central part of Wärtsilä’s strategic and operational management.
Risk management at Wärtsilä is a continuous process of analysing and managing all the opportunities and threats faced by the company in its efforts to achieve its goals and to ensure the continuity of the business. The basis for risk management is the safety and lifecycle quality of Wärtsilä’s operations and products and the continuous, systematic loss prevention efforts at all levels of the Group, not only as an integrated part of management systems, but as part of every employee’s daily work. In the long-term, this is the only means for reducing overall risk related costs.
The businesses are responsible for their risks and rewards, and thus managing risks is the responsibility of business management teams and individual managers. The risk management process at Wärtsilä is embedded in the company’s culture, and practices are tailored to fit the business functions and processes of the organisation. The risk management process can be seen as a continuous loop consisting of the repetitive steps of context establishment, risk assessment, risk treatment, communication and consultation, and finally monitoring and review.
Wärtsilä employs both Group-wide and project-specific risk assessment and management processes. The Group-wide risk assessment process results in action plans being prepared for the identified and prioritised risks. Risk mitigation actions are decided in the normal course of business.
Wärtsilä’s Board of Directors is responsible for defining the Group’s overall risk tolerance level and for ensuring that Wärtsilä has adequate tools and resources for managing risks. The Board reviews the risk profile regularly.
The President & CEO, with the assistance of the Board of Management, is responsible for organising and ensuring risk management in Wärtsilä’s operations. To further enhance risk reporting, quarterly reporting to the Board of Management was implemented during 2020.
The Board of Directors and the Board of Management decide and set the guidelines on strategic matters. The businesses are responsible for achieving their set strategic goals and for defining action plans for managing the most important risks. The Corporate Risk Management function is part of Group Treasury, which reports to the Chief Financial Officer. The function is responsible for the risk reporting process and for conducting risk assessments with the businesses and their underlying organisations.
The relevant risks for Wärtsilä are classified under four categories: strategic, operational, hazard, and financial risks. The potential loss expectancy is the highest with strategic and operational risks and the lowest with hazard and financial risks. The risks in most of these categories can have both upside and downside impacts. In this regard, hazard risks are an exception, since for them only a negative effect is possible.
The risks reported quarterly by the businesses are mapped within the appropriate risk categories. A summary of the main identified risks is presented to the Board of Directors and to the Audit Committee once a year. The purpose is to facilitate the discussion on risks and to give a quick overview of where priorities should lie in terms of risk management.