Wärtsilä, such as any company, is exposed to risk through the normal course of its activities. No business can be conducted without accepting a certain level of risk, and any expected gain from a business activity is to be assessed against the risk that activity involves.
The purpose of risk management is to ensure that we are able to effectively execute our strategy and to reach our targets, in the short term as well as over the long run. The key is to identify the risks that have the potential to restrain us from reaching our goals, and thereafter to determine whether those risks are within the limits of our risk appetite. In any case, actions need to be taken to avoid, mitigate, transfer, or to purely monitor the risk. For this purpose our structured risk management process offers a set of reactive, proactive, protective, and preventive tools that are used not only to protect us against threats, but also to turn some of the risks into opportunities.
Risks can only be managed if they are identified and understood in advance, and plans have been made to manage them. Therefore, risk management is a central part of Wärtsilä's strategic and operational management.
Risk management principles
Risk management at Wärtsilä is a continuous process of analysing and managing all the opportunities and threats faced by the company in its efforts to achieve its goals, and to ensure the continuity of the business. The basis for risk management is the lifecycle quality of Wärtsilä’s operations and products, and the continuous, systematic, loss-prevention efforts at all levels of the Group based on the principle “everybody is responsible”. In the long-term this is the only way to reduce the total risk related costs.
The Board of Directors and the Board of Management decide and give guidelines on strategic matters. The Businesses are responsible for achieving their set strategic goals and for mitigating and managing their risks. The Corporate Risk Management function is part of Group Treasury, which reports to the CFO. The function is responsible for the risk reporting process and conducting risk assessments with the Businesses, as well as with their underlying organisation. It co-ordinates risk management activities within the Group, reviews the business risk profile, prepares the risk management policy, and co-operates with the Businesses in the implementation of risk mitigation work. Furthermore, it develops and manages global and local insurance schemes for insurable risks.
The Audit Committee reviews and assesses the adequacy of this risk management. The Internal Audit function is responsible for reviewing the risk management process on an annual basis.
Risk mitigation actions are decided in the normal course of business. At its meetings, the Board of Management conducts annual Management Reviews for each Business, including their risks and risk mitigation. The risk maps of the Group and all Businesses are then presented within the Finance Management Review prior to the budgeting round in the autumn.
The risks are identified as being either internal or external, they are quantified in euro, and their probabilities are estimated. The Group risk report is then prepared and presented to the Board of Directors.
Risk management is part of the Businesses’ management process and risk management has been integrated into the Business Management teams’ agenda. The Businesses are accountable for organising and reporting on risk management from their underlying geographical business areas, business lines and product centres. All follow-up actions are also the Businesses’ responsibility.
Wärtsilä defines risk as the effect of uncertainty on our objectives. A failure to capitalise upon an opportunity is also recognised as a potential risk. The magnitude of a risk is determined based on the combination of the probability and the loss exposure of the occurrence. The relevant risks for Wärtsilä have been classified under four categories: strategic, operational, hazard, and financial risks. The outcome or potential loss expectancy is highest with strategic and operational risks and lowest with hazard and financial risks.
Risk radars are used to map the primary risks within the risk categories. Through annual risk assessment workshops between the Businesses and the Corporate Risk Management function, Business specific risk radars are generated for the use and evaluation of the Business Management teams, and are reviewed and updated on a regular basis by them. The Business specific radars are consolidated into a single Group Risk Radar, which is presented to the Board of Directors and the Audit Committee once a year. The purpose is to facilitate the discussion on risk and to give a quick overview of where priorities should lie in terms of risk management. In the next chapters Wärtsilä’s current strategic, operational, and hazard risks are discussed in more detail. Financial risks are presented in the notes to the financial statements, note 31.