Internal control

Internal control framework

• Performance management

  Planning and target setting, an integral part of performance management in Wärtsilä, is a regular management activity and not part of Wärtsilä's internal control system. The establishment of objectives, however, is an important pre-requisite for internal control. Through the performance management process, financial and non-financial targets are set for Wärtsilä annually at the Group level. These Group level targets are then translated into targets for the Businesses, Group companies, and eventually for individuals.
  
  The achievement of the annual targets is monitored through monthly management reporting. The performance of the Businesses and the achievement of the annual targets are reviewed on a monthly basis in the respective Management team meetings. The performance relating to the targets set by the Group and the different Businesses are reviewed on a monthly basis by the Board of Management. The respective management teams and the Board of Management also address the reliability of Wärtsilä's financial reporting.
  
  Wärtsilä's financial reporting is carried out in a harmonised way in all major Group companies, using a single instance ERP system and a common chart of accounts. The International Financial Reporting Standards (IFRS) are applied throughout the entire Group. Wärtsilä's finance and control process is essential for the functioning of internal control. Adequate controls in the financial management and accounting processes are needed to ensure the reliability of financial reporting.
  
  The Board of Directors regularly assesses the adequacy and effectiveness of Wärtsilä's internal controls and risk management. It is also responsible for ensuring that the internal control of accounting and financial administration is arranged appropriately. The Audit Committee of Wärtsilä’s Board of Directors is responsible for overseeing the financial reporting process. The Group Business Control function is responsible for notifying relevant levels of management regarding deviations from plans, analysing the underlying reasons, and suggesting corrective actions. Group Business Control supports the Businesses in decision-making and analyses to ensure the attainment of financial targets. It maintains and develops the company's performance management processes, so that the management at different levels of the organisation is able to receive timely, reliable, and adequate information regarding the achievement of the organisation's objectives. In addition, it is responsible for developing the financial reporting processes and respective controls.
  

• Legal and compliance management

  Legal and compliance management practices and processes occupy a central role in Wärtsilä's system of internal control. Wärtsilä's policy is to act in accordance with the applicable laws and regulations in all countries where it operates.
  
  Legal and compliance management acts predominantly in a proactive manner. Legal Affairs supports the President & CEO and the businesses in analysing and making decisions on matters involving contract policy, risk management, and regulatory considerations. Other key activities are to lead compliance management, and to strengthen and ensure the culture of appropriate conduct and behaviour, both internally and in external business transactions. Compliance management is based on the Code of Conduct and relevant group level policies and directives. Company-wide control mechanisms and processes are a part of the overall internal control system.
  

• HR management

  Human resource management practices and processes play an active role in Wärtsilä's system of internal control. Wärtsilä's main human resource management processes with respect to internal control are; compensation and benefits, HR development, recruitment and resourcing management, individual performance management, as well as processes for collecting employee feedback. The HR function is responsible for maintaining and developing Wärtsilä's people related processes to enable effective internal control, also at the individual level.

• Other management systems

  The Board of Management is responsible for developing and implementing Wärtsilä's management system, continuously improving its performance, and ensuring that it operates effectively. The Wärtsilä management system covers all global processes and management procedures within Wärtsilä related to fulfilling customer requirements. The proper functioning of the management systems highlighted below ensures, for their part, the attainment of Wärtsilä's internal control objectives.
  
  Quality
  
  The quality of Wärtsilä's solutions, and thus quality management, is a top priority for Wärtsilä. Compliance with Wärtsilä's Quality Management System ISO 9001:2000 is compulsory throughout the Group, and compliance with the system is rigorously monitored.
  
  Sustainability
  
  Wärtsilä is strongly committed to sustainability. Wärtsilä's purpose and values, together with a solid financial performance, form the basis for sustainable development within Wärtsilä. Wärtsilä applies global guiding principles, such as the Quality, Environmental, Health & Safety policy (QEHS policy) and the Code of Conduct, which, together with the company's values, ensure a harmonised way of working towards sustainable development. In addition to the aforementioned, the Corporate Manual includes other policies and directives, a description of the company's operating procedures, responsibilities, and the management system structure.
  
  Wärtsilä's Board of Management has overall responsibility for sustainability performance. The Board of Management approves the guiding principles and reviews the content on a regular basis. The Board of Management defines sustainability targets and monitors performance against these set targets. Performance is reviewed in connection with the management reviews at both Wärtsilä's Board of Management and Business Management Team levels.
  
  The Board of Directors reviews major sustainability issues on an annual basis. In addition, the Board of Management identifies major critical concerns and, when necessary, communicates such concerns to the Board of Directors.
  
  Wärtsilä's sustainability function is responsible for providing the necessary information to management, identifying development needs, as well as for coordinating sustainability programmes and preparing instructions. The function cooperates closely with the Businesses and the supporting functions, such as Human Resources, Legal Affairs, Compliance and Quality. It also collects and consolidates sustainability data from the subsidiaries.
  
  Wärtsilä has clearly defined responsibilities, which are supported by necessary instructions and training. This training covers, for example, the Code of Conduct, anti-corruption, as well as environmental and occupational health and safety issues. Wärtsilä monitors its sustainability performance by utilising the information provided by various sustainability tools and activities, such as internal audits and compliance processes.
  
  Risk management
  
  Internal control within Wärtsilä is designed to support the company in achieving its targets. The risks related to the achievement of targets need to be identified and evaluated in order for them to be managed. Thus, the identification and assessment of risks is a pre-requisite for internal control within Wärtsilä. Wärtsilä's internal control mechanisms and procedures provide management assurance that risk management actions are carried out as planned.
  
  Wärtsilä has defined and implemented entity level and process level control activities, as well as information system controls. Control activities at different levels are needed to directly mitigate risks at the respective levels. Wärtsilä's risk management processes consist of Group-wide risk assessment and management processes, as well as project-specific risk assessments and project risk management. The Group-wide risk assessment process results in the creation of action plans for the identified and prioritised risks.
  
  Each Business reports its main risks to Wärtsilä's Board of Management, which reviews the execution of the defined risk management action plans on a regular basis. Wärtsilä's Board of Directors is responsible for defining the Group's overall level of risk tolerance, and for ensuring that Wärtsilä has adequate tools and resources for managing risks. The Board reviews the risk profile regularly. The President & CEO, with the assistance of the Board of Management, is responsible for organising and ensuring risk management in all of Wärtsilä's operations. Business management is responsible for defining action plans for managing the most important risks.
  
  Wärtsilä's most important strategic, operative and financial risks can be found in Risk management page.
  
  Information management
  
  Information management plays a key role in Wärtsilä's internal control system. Information systems are critical for effective internal control as many of the control activities are programmed controls.
  

• Values and control environment

  The foundation of Wärtsilä's internal control system is its values: Energy, Excellence and Excitement. Wärtsilä's values are reflected in its day-to-day relations with its suppliers, customers and investors, and in internal guidelines, policies, manuals, processes and practices. The control environment sets the tone for internal control within Wärtsilä and influences the control awareness of its people. It provides discipline and structure for all the other components of internal control. The elements of Wärtsilä's control environment are included in the corporate culture, the integrity, ethical values and competence of Wärtsilä's personnel, as well as in the attention and direction provided to the personnel by the Board of Directors of Wärtsilä. Wärtsilä's values and control environment provide Wärtsilä's Board of Directors and Management with the basis for reasonable assurance regarding the achievement of the objectives for internal control. The President & CEO and the Board of Management define Wärtsilä's values and ethical principles, which are reflected in the Code of Conduct, and set an example for the corporate culture, which in combination create the basis for the control environment. They are, together with Business management, responsible for communicating Wärtsilä's values to the organisation.
  

• Business processes

  The controls embedded in Wärtsilä's business processes play a key role in ensuring effective internal control within the company. Controls in the business processes help ensure the achievement of all the objectives of internal control within Wärtsilä, especially those related to the efficiency of operations and the safeguarding of the company's profitability and reputation. Business management is responsible for ensuring that within its area of responsibility, the defined Group level processes and controls are implemented and complied with. Where no Group level processes and controls exist, Business management is responsible for ensuring that efficient Business level processes with adequate controls have been described and implemented.

• Guidelines and communication

  Guidelines and manuals
  
  The components of Wärtsilä's internal control system, including for example, corporate governance, the management system, the performance management process, as well as the business and other processes, are described in various guidelines and manuals. The essential Group level policies and guidelines are compiled in Wärtsilä's Corporate Manual. Wärtsilä's Group level Accounting Manual contains instructions and guidance on accounting and financial reporting to be applied in all Wärtsilä Group companies. The manual supports the achievement of the objectives regarding the reliability of Wärtsilä's financial reporting. Wärtsilä's Group level policies, and any changes to them, shall be approved by a member of the Board of Management. In addition to the Group level guidelines and manuals, the Businesses have issued related guidelines and instructions for their own, specific purposes. The Business level guidelines and manuals are aligned with, and do not contradict, the Group level guidelines and manuals.
  
  Information and communication
  
  An effective internal control system needs sufficient, timely and reliable information to enable the management to assess the achievement of the company's objectives. Both financial and non-financial information is needed, relating to both internal and external events and activities. Informal means by which employees can provide feedback to management, and to communicate suspected misconduct (e.g. directly to the Compliance, Legal Affairs or Internal Audit function) are used. All external communications are carried out in accordance with the Group Communications Policy.

• Monitoring

  Monitoring is a process that assesses the quality of Wärtsilä's system of internal control and its performance over time. Monitoring within Wärtsilä is performed both on an ongoing basis, and through separate evaluations that include internal, external and quality audits.
  
  Business management is responsible for ensuring that all relevant laws and regulations are complied with in their respective responsibility areas. Wärtsilä's management in turn performs monitoring as part of its regular supervisory activities. The Audit Committee of the Board of Directors assesses and assures the adequacy and effectiveness of Wärtsilä's internal controls and risk management.
  
  The Internal Audit function assists the Audit Committee in assessing and assuring the adequacy and effectiveness of Wärtsilä's internal controls and risk management by performing regular audits of Group legal entities and support functions according to its annual plan. Wärtsilä's external auditor and other assurance providers, such as quality auditors, conduct evaluations of Wärtsilä's internal controls. The Group Finance & Control function oversees the financial reporting processes and controls to ensure that they are being followed. It also monitors the correctness of all external and internal financial reporting. The Legal and Compliance function monitors adherence to the compliance policies of the group. The external auditors verify the correctness of the external annual financial reports.