Wärtsilä has defined its objectives for internal control according to the international COSO framework. Wärtsilä defines internal control as a process implemented by Wärtsilä's Board of Directors, the Management, the Boards of Directors of Group companies, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Internal control covers all the policies, processes, procedures and organisational structures within Wärtsilä that help the management, and ultimately the Board, to ensure that Wärtsilä is achieving its objectives, that the business conduct is ethical and in compliance with all applicable laws and regulations, that the company's assets, including its brand, are safeguarded, and that its financial reporting is correct. Internal control is not a separate process or set of activities but is embedded in Wärtsilä's operations.
The system of internal control operates at all levels of Wärtsilä. Wärtsilä maintains and develops its internal control system with the ultimate aim of improving its business performance and, at the same time, complying with laws and regulations in countries where it operates.
The Board of Management is responsible for developing and implementing Wärtsilä's management system, continuously improving its performance and ensuring that it operates effectively. The Wärtsilä management system covers all global processes and management procedures within Wärtsilä related to fulfilling customer requirements. The proper functioning of the management systems below ensures, for their part, the attainment of Wärtsilä's internal control objectives.
Internal control within Wärtsilä is designed to support the company in achieving its targets. The risks related to the achievement of targets need to be identified and evaluated in order for them to be managed. Thus, the identification and assessment of risks is a prerequisite for internal control within Wärtsilä. Wärtsilä’s internal control mechanisms and procedures provide the management assurance that risk management actions are carried out as planned. Wärtsilä has defined and implemented entity level and process level control activities, as well as information system controls. Control activities at different levels are needed to directly mitigate risks at the respective levels.
Wärtsilä’s financial reporting is carried out in a harmonised way in all major Group companies, using a single instance ERP system and a common chart of accounts. The International Financial Reporting Standards (IFRS) are applied throughout the entire Group. Wärtsilä’s finance and control process is essential for the functioning of internal control. Adequate controls in the financial management and accounting processes are needed to ensure the
reliability of financial reporting.
The Board of Directors regularly assesses the adequacy and effectiveness of Wärtsilä’s internal controls and risk management. It is also responsible for ensuring that the internal control of accounting and financial administration is arranged appropriately. The Audit Committee of Wärtsilä’s Board of Directors is responsible for overseeing the financial reporting process.
The foundation of Wärtsilä’s internal control system lies on the company’s values: customer success, passion, and performance. Wärtsilä’s values are reflected in its day-to-day relations with its suppliers, customers, and investors, as well as in internal guidelines, policies, manuals, processes, and practices. The control environment sets the tone for internal control within Wärtsilä and influences the control awareness of its people. It provides discipline and structure for all the other components of internal control. The elements of Wärtsilä’s control environment are included in the corporate culture; in the integrity, ethical values and competence of Wärtsilä’s personnel; as well as in the attention and direction provided to the personnel by the Board of Directors.
Wärtsilä’s values and control environment provide Wärtsilä’s Board of Directors and management the basis for reasonable assurance regarding the achievement of the objectives of internal control. The President & CEO and the Board of Management define Wärtsilä’s values and ethical principles, which are reflected in the Code of Conduct, and set an example for the corporate culture, which together create the basis for the control environment. They, together with the business management, are responsible for communicating Wärtsilä’s values to the organisation.
The controls embedded in Wärtsilä’s business processes play a key role in ensuring effective internal control within the company. Controls in the business processes help ensure the achievement of all the objectives of internal control within Wärtsilä, especially those related to the efficiency of operations and safeguarding the company’s profitability and reputation. The business management is responsible for ensuring that, within its area of responsibility, the defined Group level processes and controls are implemented and complied with. Where no Group level processes and controls exist, the business management is responsible for ensuring that efficient business level processes with adequate controls have been defined and implemented.
Guidelines and manuals
The components of Wärtsilä's internal control system, including for example corporate governance, the management system, the performance management process, as well as business and other processes, are described in various guidelines and manuals. The essential Group level policies and guidelines are compiled in Wärtsilä's Corporate Manual. Wärtsilä's Group level Accounting Manual contains instructions and guidance on accounting and financial reporting to be applied in all Wärtsilä Group companies. The manual supports the achievement of objectives related to the reliability of Wärtsilä's financial reporting. Wärtsilä's Group level policies, and any changes to them, shall be approved by a member of the Board of Management. In addition to the Group level guidelines and manuals, the Businesses have issued related guidelines and instructions for their own, specific purposes. The Business level guidelines and manuals are aligned with, and do not contradict, the Group level guidelines and manuals.
Information and communication
An effective internal control system needs sufficient, timely and reliable information to enable the management to assess the achievement of the company's objectives. Both financial and non-financial information is needed, relating to both internal and external events and activities. Employees can provide feedback to management and communicate suspected misconduct via a whistle blower channel that secures anonymous reporting, or directly to the Compliance, Legal Affairs, or Internal Audit function. All external communications are carried out in accordance with the Group Communications Policy.
Monitoring is a process that assesses the quality of Wärtsilä’s internal control system and its performance over time. Monitoring is performed both on an ongoing basis and through separate evaluations that include internal, external, and quality audits.
The Audit Committee of the Board of Directors assesses and assures the adequacy and effectiveness of Wärtsilä’s internal controls and risk management. The Internal Audit function assists the Audit Committee in this work by performing regular audits of Group legal entities, businesses, and support functions in accordance with its annual plan. In addition, Wärtsilä’s external auditor and other assurance providers, such as quality auditors, conduct their evaluations of Wärtsilä’s internal controls.
Wärtsilä’s management performs monitoring as part of its regular supervisory activities. The business management is responsible for ensuring that all relevant laws and regulations are complied with in their respective responsibility areas. The Legal and Compliance function monitors adherence to the compliance policies of the Group.
The Group Finance & Control function oversees the financial reporting processes and controls to ensure that they are being followed. It also monitors the correctness of all external and internal financial reporting. Wärtsilä’s external auditor verifies the correctness of the external annual financial reports.