Wärtsilä constantly analyses its manufacturing footprint and capacity costs, including costs related to the supply chain. Risk assessments have been made for all the main delivery centres, and significant safety, environmental impact, and risk mitigation investments have been completed. Risk identification, assessment, and mitigation actions are executed on a regular basis as part of operational management. Management systems for quality, environmental, occupational health and safety, and other systems are utilised to improve productivity, while safety and business continuity plans have been implemented for the key delivery centres.
Supplier and sub-contractor risk
Wärtsilä’s supply management is integrated within the business lines. The aim is to work in partnership with the supplier base to create value for Wärtsilä’s customers by ensuring quality, on-time delivery, and the lowest total cost. In order to ensure coordinated interfaces and synergies for the cross-divisional supplier base, a category management structure has been in place since 2007. Indirect Purchasing remains a centralised function responsible for managing strategic sourcing activities for indirect materials and services in all businesses and support functions.
The supply management units have a unified process for managing and controlling Wärtsilä’s supplier network and for verifying that the suppliers’ performance meets Wärtsilä’s expectations. Supplier performance is, therefore, continuously measured. A key activity in managing business continuity planning is the regular assessment of business interruption risks, which is carried out in cooperation with the company’s suppliers. Several supplier risk audits have been completed jointly with the insurer as one means of mitigating risk. These audits are now one of the regular tasks for the supply category managers and the Risk Management function.
Wärtsilä has developed its supply related activities by creating close collaboration and long-term relationships with its main suppliers. This cooperation creates a common view towards values and goals, which in turn supports the management of Wärtsilä’s strategic risks. To further mitigate supplier and sub-contractor risks, a comprehensive follow-up of suppliers’ credit worthiness has been established. Supplier related risks for key components are mitigated through dual- or multi-sourcing.
Wärtsilä uses an online solution for supply chain risk identification, assessment, and monitoring. More than 2,000 suppliers have been, and continue to be, followed through the system. The solution includes a selection of key criteria defined by Wärtsilä, against which the situation of each supplier is continuously measured. Any discrepancies are automatically reported to the responsible category manager, who is responsible for ensuring that the necessary steps, if any, are taken to mitigate the risk. A supply chain cyber security assessment process was introduced in 2019, with the focus of covering a variety of suppliers, from large key suppliers to smaller low-spend suppliers. Until now, only a limited number of suppliers has undergone this assessment, with further assessments to be conducted during the coming year.
Lifecycle quality of products and product liability risk
Wärtsilä’s quality strategy focuses on preventive and proactive actions to deliver increased customer satisfaction, shorter lead times, and a reduced number of claims. To realise Wärtsilä’s quality vision, the strategy has been focused towards effective project risk management, strengthened awareness, and ownership supported by a streamlined product improvement process.
The launching of new products always involves risks. In the R&D process, several risk management techniques are applied, including the risk elimination tool FMEA (Failure Modes and Effects Analysis) and in-house validation testing. Wärtsilä seeks to control quality risks by monitoring the incoming quality of the supply chain and by designing and manufacturing its products with all due care. A non-destructive robotic ultrasonic data analysis procedure, which replaces manual scanning of critical components, enhances the probability of detecting imperfections in components with a complex geometry.
Wärtsilä applies a GATE model in order to control the product development process. Initially, only a limited release of new products is allowed, and via the gate approach, full release authority is given to the sales organisations only after testing and further validation has been completed.
Wärtsilä seeks to control its manufacturing quality risks by applying several assurance and quality control principles. The level of quality assurance and control requirements are determined based on component criticality, and they are applied throughout the delivery chain.
Requirement management is used to assess components systematically, enabling the allocation of resources and efforts according to the component criticality. The ranking criteria indicates the consequence if a component fails. The objective is to improve quality proactively within product development, supply management, and the entire delivery process from order intake to commissioning.
Nonconformity management at Wärtsilä focuses on developing and improving operations by registering and handling detected nonconformities. This ensures that customers receive products and services according to the agreed scope and specifications. Efficient handling, monitoring, and reviewing of nonconformities is crucial for proper risk management and mitigation.
Product improvement management (issue resolution) projects are prioritised based on risk and importance. This happens when Wärtsilä identifies a technical issue according to claim statistics, customer feedback, or internal analysis, and the case fulfils the risk categorisation for a non-isolated case.
The business lines are responsible for supporting customers in all warranty issues. This offers a feedback loop from the field to production and R&D, while taking care of the customers’ installations throughout their lifecycle. The company makes warranty provisions to cover any costs that may arise after product delivery. The company’s product liability insurance covers unexpected damages.
Wärtsilä seeks to continuously improve the quality of its products and services through the adoption of best industry practices and good governance. Management at all levels is responsible for the quality of output from their organisations and is accountable for ensuring that appropriate review and feedback mechanisms are in place. The centralised Wärtsilä Quality function is responsible for coordinating quality activities across the businesses and for ensuring that senior governance mechanisms are in place and effective. Wärtsilä's business level management systems are certified in accordance with the 2015 standard revisions (ISO 9001:2015 and ISO 14001:2015), with an emphasis on a risk-based approach and proactive risk and opportunity management. Migration to the new 45001:2018 standard version will be completed during 2020.
Wärtsilä’s equipment business includes projects and deliveries of various sizes. The most substantial orders concern power plants delivered on a complete EPC (engineering, procurement, and construction) basis and major marine and energy delivery contracts requiring extensive coordination, efficient risk management, and the integration of contracted systems and solutions.
In 2019, Wärtsilä’s operating result was weakened by unforeseen cost overruns in a handful of complex marine and energy projects. A review of the projects in question revealed incorrect underlying assumptions in cost estimates, insufficient risk identification, and supplier related challenges. Corrective actions have been taken to prevent similar issues from occurring in the future. These include changes to the organisational structure, processes, and technical assessment controls. Furthermore, supplier approval has been tightened, new tools introduced, and training enhanced. With these measures, Wärtsilä aims to improve the quality of its project execution activities and to ensure better upfront identification of risks and opportunities.
The risk of product liability claims is reduced through the lifecycle quality of the products and work, starting from the initial design, through all stages of the production process, to the eventual field service activities, and the use of standard sales contracts, including the establishment of a contract review process.
In activities related to lifecycle support, contractual risk is mainly related to long-term agreements and service projects, such as engine upgrades, retrofits, or modifications. In large scale performance-based agreements, the recognised contractual risk is related to the ability to manage and maintain assets as planned.
Risk of non-compliance, corruption and fraud
Wärtsilä complies with the law and its own internal policies and procedures everywhere the company does business. Wärtsilä's Code of Conduct is the key guideline for all employees globally. Wärtsilä is committed to high ethical standards and integrity, and to preventing corruption and violations of the principles set forth in the Code of Conduct, as well as in Wärtsilä's Anti-Corruption and Compliance Reporting policies. Compliance processes are embedded in all of the Businesses, and the responsibility for compliance and awareness of ethics and integrity is that of all Wärtsilä employees. Wärtsilä is fully committed to compliance with anti-corruption laws and statutes. Wärtsilä's Anti-Corruption Policy absolutely forbids any kind of corruption and bribery, and the top management of the company has a zero-tolerance policy regarding corruption and fraud.
The Compliance function promotes Group-wide compliance and continuously strives to raise awareness of the risk of corruption and bribery and other misconduct. It is primarily responsible for creating and enforcing Group level policies and procedures, training programmes, misconduct incident reporting, internal compliance investigations, as well as for managing the consequences of misconduct, and reporting. The continuous development of Wärtsilä's compliance programme and nurturing the company’s commendable ethical culture are pivotal tasks for the Compliance function. Moreover, Compliance supports and cooperates with the Businesses and other corporate functions in their risk management efforts. Wärtsilä has a Group-wide programme for strengthening its Code of Conduct, which aims to increase the employees’ understanding as to how the Code of Conduct impacts everyday activities at all Wärtsilä locations, wherever Wärtsilä operates.
While Wärtsilä is aware of the risk of being subject to fraud by external business parties, and that the risk of corruption and fraud is heightened in many markets where the company operates, Wärtsilä maintains its highly ethical practices at all times. Full compliance with its stringent anti-corruption regime, including policies to prevent the corruption and bribery risk of third parties, is demanded by Wärtsilä.
Cyber and information security related risks
Wärtsilä has an experienced and professional internal organisation dedicated to the effective management of cyber security risks across Wärtsilä’s portfolio. This organisation, in cooperation with Wärtsilä’s Business Management teams, delivers cyber security operational support. It also provides the associated governance, risk management, and assurance required to support and enable safe and secure internal operations, while ensuring that the Businesses’ customer offerings are compliant with the relevant current and future regulations and applicable standards.
The Wärtsilä cyber security governance model aligns closely with overall business risk management and supports the Businesses in identifying and prioritising their respective cyber security risks. The cyber security team works seamlessly with physical security colleagues across Wärtsilä to ensure the effective and coordinated delivery of holistic security solutions for both the cyber and physical domains.
Information security risks related to Wärtsilä’s internal operations are continually identified, analysed, and evaluated. The attendant mitigation activities are executed across Wärtsilä’s networks, endpoints, systems, and services. The 24/7 Wärtsilä Security Operations Centre continually monitors the perimeter to internal systems and closely observes the external threat exposure level, whilst providing a coordinated response to identified information security incidents, as and when they may occur.
The effective mitigation of risks associated with cyber security hygiene throughout Wärtsilä are continually and progressively reinforced through coordinated and complementary cyber security training, awareness initiatives, and extensive communications. This involves all Wärtsilä corporate functions and the Businesses.
Wärtsilä has identified the need to mitigate the cyber security risks associated with its supply chain. The company is addressing this need through a comprehensive and risk-based approach, involving both increased opportunities for remote and objective assessment of some suppliers, as well as increased levels of communication with others.
Recognising the ever-present and increasing cyber security risks to customers in the maritime industry, Wärtsilä has developed, in close partnership with a leading cyber security provider, a world-leading maritime cyber emergency response capability based in Singapore. This service puts thought leadership into tangible action and places Wärtsilä at the forefront in mitigating the cyber security risks to its customers.
In 2019, Wärtsilä became one of the founding members of the Operational Technology Cyber Security Alliance (OTCSA) intended to provide a technical and organisational framework for safe and secure operational technology. This new alliance aims to bridge dangerous gaps in security for operational technology and industrial control systems. As cyber criminals are seen to increasingly target operational technology used to control physical equipment like those found in factories, power plants, ships, or ports, finding ways to collaborate with the ecosystem of suppliers, customers, and other partners, even competitors, is the best way to manage the continuously evolving threat landscape.
Privacy and data protection risks
EU’s General Data Protection Regulation (GDPR) sets out the general framework for Wärtsilä’s efforts in data protection. Wärtsilä has global privacy notices to inform its personnel, customers, vendors, other stakeholders, and interest groups about the processing of personal data. Data protection implementation is supported by and aligned with group-wide privacy policies and processes.
Mandatory GDPR training is in place for employees processing personal data. Tailored data protection training is provided also for specific employee groups, such as management teams.
Wärtsilä’s applies a risk-based approach to privacy and data protection and continues to take further actions to strengthen privacy and data protection implementation in order to mitigate risks.
Commodity price risk
The direct effect of oil price changes on Wärtsilä's production is limited, with their impact being mainly demand related. Higher oil prices represent a risk for global economic growth and increase operating costs, especially in the shipping markets. However, they also stimulate investments in exploration and production for oil and gas, both on land and offshore. Furthermore, high oil prices increase investments in gas carriers, gas-based power plants and, increasingly, also in gas-fuelled vessels. Low oil prices can delay investment decisions in oil producing countries and regions, as well as in the offshore industry. Wärtsilä is a global company involved in different shipping and power plant segments where oil price changes can have an opposing impact on demand drivers. This position is further diversified by the increasing importance of natural gas in Wärtsilä's business.
Metal prices have an indirect effect on the component cost of Wärtsilä’s products. Some key components are sourced with long-term contracts, and raw material price volatility is, therefore, limited.
Electricity prices have no substantial impact on Wärtsilä’s production costs. In the energy markets, high electricity prices support investments in new capacity by utility customers. Lower grid electricity prices do not favour investments in their own generating capacity by industrial customers.