Risk management

Updated 14.2.2022

Wärtsilä, like any other company, is exposed to various risks through the normal course of its activities. No business can be conducted without accepting a certain level of risk. By maintaining a risk aware culture and practising proactive management of risks, Wärtsilä aims to ensure that it can effectively execute its strategies, perform its operations, meet its objectives, reach its financial targets, and be prepared for potential external hazards. 

Risk is an element of uncertainty on objectives resulting in, if materialised, a deviation from the expected, positive or negative, representing either a threat or an opportunity. Therefore, the focus in risk management activities is to identify such material risks that have the potential to restrain the company from reaching its goals, and to determine whether such risks are at an acceptable level. If not, corrective actions are taken to avoid, mitigate, transfer, or monitor the risks, or to capture and utilise the opportunities.

At Wärtsilä, the following statements apply:

  • Wärtsilä considers that risk management is an integral part of its strategic and operational management, connected to the management systems and part of the company’s culture.
  • The risk management process is a systematic, continuous loop of repetitive steps of context establishment, risk identification, risk assessment, risk treatment, communication and consultation, and finally monitoring and review.
  • The businesses are responsible for their risks and rewards, and thus managing risks is the responsibility of business management teams and individual managers. However, risk awareness is a matter for everyone at Wärtsilä.
  • Risk management is subject to continuous improvements that reflect changes in the internal organisation and the external environment Wärtsilä operates in.
  • The maturity of risk management is verified frequently.

Risk management framework and governance

Wärtsilä’s over-arching risk management framework and practices defined therein follow the ISO 31000:2018 standard, with an emphasis on continuous improvement and verification. The risk management framework and guidelines are documented in the Group’s Enterprise Risk Management policy that is applicable group wide. The policy was updated in 2021.

Wärtsilä’s Board of Directors bears the ultimate accountability for defining the Group’s overall risk appetite and tolerance level, and for the oversight of the Group’s risk profile with quarterly reviews. 

The President & CEO, together with the Board of Management, is responsible for setting the premise for a risk awareness culture at Wärtsilä, and for ensuring that risk management is deeply embedded in all operations and processes with the appropriate tools and resources. The Board reviews the Group’s risk profile, i.e. the most important risks and their treatment plans, on a quarterly basis, giving guidance and setting priorities as needed to ensure the sufficiency of risk management actions and controls. 

The businesses at Wärtsilä are responsible for performing their strategies and achieving their set operational and financial targets. Equally, the businesses and their management teams are responsible for the deployment of continuous risk management actions to identify, manage, and treat all material risks, including project-specific risks. This work is cascaded to the business unit level in each business. Each business presents its risk profile to the President & CEO, the Chief Financial Officer, and the rest of the Board of Management on a quarterly basis. 

The Corporate Risk Management function is part of Group Treasury that in turn reports to the Chief Financial Officer. The function is responsible for the risk reporting process, maintenance of the risk management system, and for supporting the businesses and their underlying organisations in risk management. The function also leads the internal risk management peer group that, together with business representatives, ensures proper alignment, knowledge sharing, and the continuous improvement of risk management at Wärtsilä.

Risk categories

Wärtsilä’s over-arching risk management framework and practices classifies risks into strategic, operational, hazard, and financial risks. The potential impact is the highest with strategic and operational risks and the lowest with hazard and financial risks. Impacts can have upsides and downsides, with the exception of hazard risks, where only a negative effect is possible.