Operational risk management is part of the daily work of the Businesses. Opportunities and risks are identified, assessed, and managed on a daily basis and reported to, and managed by, the appropriate management level. The status of these opportunities and threats are reviewed on a periodic basis and appropriate further actions are taken.
Wärtsilä constantly analyses its manufacturing footprint and capacity costs, including costs related to the supply chain. Risk assessments have been made for all the main delivery centres, and significant safety, environmental impact, and risk mitigation investments have been completed. Risk identification, assessment, and mitigation actions are executed on a regular basis as part of operational management. Management systems for quality, environmental, occupational health and safety, and other systems are utilised to improve productivity, while safety and business continuity plans have been implemented for the key delivery centres.
Supplier and sub-contractor risk
Wärtsilä’s supply management is integrated within the business lines. The aim is to work in partnership with the supplier base to create value for Wärtsilä’s customers by ensuring quality, on-time delivery, and the lowest total cost. In order to ensure coordinated interfaces and synergies for the cross-divisional supplier base, a category management structure has been in place since 2007. Indirect Purchasing remains a centralised function responsible for managing strategic sourcing activities for indirect materials and services in all businesses and support functions.
The supply management units have a unified process for managing and controlling Wärtsilä’s supplier network, and for verifying that the suppliers’ performance meets Wärtsilä’s expectations. Supplier performance is, therefore, continuously measured. A key activity in managing business continuity planning is the regular assessment of business interruption risks, which is carried out in cooperation with the company’s suppliers. Several supplier risk audits have been completed jointly with the insurer as one means of mitigating risk. These audits are now one of the regular tasks for the supply category managers and the Risk Management function.
Wärtsilä has developed its supply related activities by creating close collaboration and long-term relationships with its main suppliers. This co-operation creates a common view towards values and goals, which in turn supports the management of Wärtsilä’s strategic risks. To further mitigate supplier and sub-contractor risks, a comprehensive follow-up of suppliers’ credit worthiness has been established. Supplier related risks for key components are mitigated by establishing dual- or multi-sourcing.
During 2018, Wärtsilä first piloted and then took into use an online solution for supply chain risk identification, assessment and monitoring. More than 2,000 suppliers have been, and continue to be, followed through the system since mid-2018. The solution includes a selection of Wärtsilä defined key criteria against which the situation of each supplier is continuously measured. Any discrepancies are automatically reported to the responsible category manager who is responsible for ensuring that the necessary steps, if any, are taken to mitigate the risk. Also the first steps in supply chain cyber security assessment were taken during 2018.
Lifecycle quality of products and product liability risk
The launching of new products always involves risks. In the R&D process, several risk management techniques are applied, including the risk elimination tool FMEA (Failure Modes and Effects Analysis) and in-house validation testing. Wärtsilä seeks to control quality risks by monitoring the incoming quality of the supply chain, and by designing and manufacturing its products with all due care. A non-destructive robotic ultrasonic data analysation procedure, which replaces manual scanning of critical components, enhances the probability of detecting imperfections in components with a complex geometry.
Wärtsilä applies a GATE model in order to control the product development process. Initially, only a limited release of new products is allowed, and via the gate approach, full release authority is given to the sales organisations only after testing and further validation has been completed.
As part of the on-going digital transformation, a so-called ‘agile’ way of working has been adopted in the Digital organisation, which allows Wärtsilä to test new ideas and business models quickly in order to promptly adapt to changing market needs. This approach is used for conceptualisation to avoid the risk of losing business opportunities, while products continue to go through the established GATE procedure. Thus, the two models complement each other and are used in different contexts within the organisation.
Wärtsilä seeks to control its manufacturing quality risks by applying several assurance and quality control principles. The level of quality assurance and control requirements are determined based on component criticality, and they are applied throughout the delivery chain.
Requirement management is used to assess components systematically, enabling the allocation of resources and efforts according to the component criticality. The ranking criteria indicates the consequence if a component fails. The objective is to improve quality proactively within product development, supply management, and the entire delivery process from order intake to commissioning.
Nonconformity management at Wärtsilä focuses on developing and improving operations by registering and handling detected nonconformities. This ensures that customers receive products and services according to the agreed scope and specifications. Efficient handling, monitoring, and review of nonconformities is crucial for proper risk management and mitigation.
Product improvement management (issue resolution) projects are prioritised based on risk and importance. This happens when Wärtsilä identifies a technical issue according to claim statistics, customer feedback, or internal analysis and the case fulfils the risk categorisation for a non-isolated case.
The business lines are responsible for supporting customers in all warranty issues. This offers a feedback loop from the field to production and R&D, while taking care of the customers’ installations throughout their lifecycle. The company makes warranty provisions to cover any costs that may arise after product delivery. The company’s product liability insurance covers unexpected damages.
Wärtsilä seeks to continuously improve the quality of its products and services through the adoption of best industry practices and good governance. Management at all levels is responsible for the quality of output from their organisations, and is accountable for ensuring that appropriate review and feedback mechanisms are in place. The centralised Wärtsilä Quality function is responsible for coordinating quality activities across the businesses, and for ensuring that senior governance mechanisms are in place and effective. Wärtsilä's Business level management systems are certified according to 2015 standard revisions (ISO 9001:2015 and ISO 14001:2015) with an emphasis on a risk based approach and proactive risk and opportunity management.
Wärtsilä’s non-service sales include projects and equipment supply deliveries of various sizes. The most substantial orders concern power plants delivered on a complete EPC (engineering, procurement and construction) basis. However, in relation to the total volume of business, the risks from individual projects do not reach significant levels. The risk of product liability claims is reduced through the lifecycle quality of the products and work, starting from the initial design, through all stages of the production process, to the eventual field service activities, and the use of standard sales contracts, including the establishment of a contract review process.
In service activities, contractual risk is related mainly to long-term agreements and service projects, such as engine upgrades, retrofits or modifications. These offerings represent approximately 25% of all service activities, but the risks connected to individual contracts do not reach significant levels since the business between the various customers and countries is broadly spread. In addition, both offerings follow a well-defined sales process, thereby bringing multiple control points to observe embedded risks and to plan their control, both in contractual measures as well as in execution.
Risk of non-compliance, corruption and fraud
Wärtsilä complies with the law and its own internal policies and procedures everywhere the company does business. Wärtsilä's Code of Conduct is the key guideline for all employees globally. Wärtsilä is committed to high ethical standards and integrity, and to preventing corruption and violations of the principles set forth in the Code of Conduct, as well as in Wärtsilä's Anti-Corruption and Compliance Reporting policies. Compliance processes are embedded in all of the Businesses, and the responsibility for compliance and awareness of ethics and integrity is that of all Wärtsilä employees. Wärtsilä is fully committed to compliance with anti-corruption laws and statutes. Wärtsilä's Anti-Corruption Policy absolutely forbids any kind of corruption and bribery, and the top management of the company has a zero-tolerance policy regarding corruption and fraud.
The Compliance function promotes Group wide compliance and continuously strives to raise awareness of the risk of corruption and bribery and other misconduct. It is primarily responsible for creating and enforcing Group level policies and procedures, training programmes, internal compliance investigations, managing the consequences of misconduct, and reporting. The continuous development of Wärtsilä's compliance programme and nurturing the company’s commendable ethical culture are pivotal tasks for the Compliance function. Moreover, Compliance supports and co-operates with the Businesses and other corporate functions in their risk management efforts. Wärtsilä has a Group-wide programme for strengthening its Code of Conduct which aims to increase employees’ understanding on how the Code of Conduct impacts the everyday work at all Wärtsilä locations, wherever Wärtsilä operates. In 2018, Wärtsilä took into use an externally hosted new channel for reporting potential misconducts.
While Wärtsilä is aware of the risk of being subject to fraud by external business parties, and that the risk of corruption and fraud is heightened in many markets where the company operates, Wärtsilä maintains its highly ethical practices at all times. Full compliance with its stringent anti-corruption regime, including policies to prevent the corruption and bribery risk of third parties, is demanded by Wärtsilä.
Cyber & information security related risks
Wärtsilä has an experienced and professional internal organisation dedicated to the effective management of cyber security risks across Wärtsilä’s portfolio. This organisation, in co-operation with Wärtsilä’s Business Management teams, delivers cyber security operational support. It also provides the associated governance, risk management, and assurance required to support and enable both safe and secure internal operations, while securing that customer offerings by the Businesses are compliant with the relevant regulations and applicable standards, both now and in the future.
The Wärtsilä cyber security governance model aligns closely with wider business risk management and supports the Businesses in identifying and prioritising their respective cyber security risks. The cyber security team works seamlessly with physical security colleagues across Wärtsilä to ensure the effective and coordinated delivery of holistic security solutions for both the cyber and physical domains.
Information security risks related to Wärtsilä’s internal operations are continually identified, analysed and evaluated. The attendant mitigation activities are executed across Wärtsilä’s networks, endpoints, systems and services. The 24/7 Wärtsilä Security Operations Centre continually monitors the perimeter to internal systems and closely observes the external threat exposure level, whilst providing a coordinated response to identified information security incidents, as and when they may occur.
The effective mitigation of the risks associated with cyber security hygiene throughout Wärtsilä are continually and progressively being reinforced through coordinated and complementary cyber security training, awareness initiatives and extensive communications. This involves all Wärtsilä corporate functions and the Businesses.
Recognising the ever-present and increasing cyber security risks to our customers in the maritime industry, Wärtsilä has developed, in close partnership with a leading cyber security provider, a world-leading maritime cyber emergency response capability based in Singapore. This service puts thought leadership into tangible action, and places Wärtsilä at the forefront in mitigating the cyber security risks to its customers.
Commodity price risk
The direct effect of oil price changes on Wärtsilä's production is limited, with their impact being mainly demand related. Higher oil prices represent a risk for global economic growth and increase operating costs, especially in the shipping markets. However, they also stimulate investments in exploration and production for oil and gas, both on land and offshore. Furthermore, high oil prices increase investments in gas carriers, gas-based power plants and, increasingly, also in gas-fuelled vessels. Low oil prices can delay investment decisions in oil producing countries and regions, as well as in the offshore industry. Wärtsilä is a global company involved in different shipping and power plant segments where oil price changes can have an opposing impact on demand drivers. This position is further diversified by the increasing importance of natural gas in Wärtsilä's business.
Metal prices have an indirect effect on the component costs of Wärtsilä’s products. Furthermore, some key components are sourced with long-term contracts, and thus raw material price volatility is limited.
Electricity prices have no substantial impact on Wärtsilä’s production costs. In the energy markets, high electricity prices support investments in new capacity by utility customers. Lower grid electricity prices do not favour investments in their own generating capacity by industrial customers.