Operational risks


Operational risk management is part of the daily work of the Businesses. Opportunities and risks are identified, assessed, and managed on a daily basis and reported to, and managed by, the appropriate management level. The status of these opportunities and threats is reviewed on a periodic basis, and appropriate further actions are then taken.


Risk management process 2020

Manufacturing risk

Wärtsilä constantly analyses its manufacturing footprint and capacity costs, including costs related to the supply chain. Risk assessments have been made for all the main delivery centres, and significant safety, environmental impact, and risk mitigation investments have been completed. Risk identification, assessment, and mitigation actions are executed on a regular basis as part of operational management. Management systems for quality, environmental, occupational health and safety, and other systems are utilised to improve productivity, while safety and business continuity plans have been implemented for the key delivery centres.

Supplier and sub-contractor risk

Wärtsilä’s supply management is integrated within the businesses. The aim is to work in partnership with the supplier base to create value for Wärtsilä’s customers by ensuring quality, on-time delivery, and the lowest total cost. In order to ensure coordinated interfaces and synergies for the cross-business supplier base, a category management structure has been in place since 2007. Indirect Purchasing remains a centralised function responsible for managing strategic sourcing activities for indirect materials and services in all businesses and support functions.

The supply management units have a unified process for managing and controlling Wärtsilä’s supplier network and for verifying that the suppliers’ performance meets Wärtsilä’s expectations. Supplier performance is, therefore, continuously measured. A key activity in managing business continuity planning is the regular assessment of business interruption risks, which is carried out in cooperation with the company’s suppliers. Several supplier risk audits have been completed jointly with the insurer as one means of mitigating risk. These audits are now one of the regular tasks for the supply category managers and the Risk Management function.

Wärtsilä has developed its supply related activities by creating close collaboration and long-term relationships with its main suppliers. This cooperation creates a common view towards values and goals, which in turn supports the management of Wärtsilä’s strategic risks. To further mitigate supplier and subcontractor risks, a comprehensive follow-up of suppliers’ credit worthiness has been established. Supplier related risks for key components are mitigated through dual- or multi-sourcing.

Wärtsilä uses an online solution for supply chain risk identification, assessment, and monitoring. More than 2,500 suppliers have been, and continue to be, followed through the system. The solution includes a selection of key criteria defined by Wärtsilä, against which the situation of each supplier is continuously measured. Any discrepancies are automatically reported to the appropriate category manager, who is responsible for ensuring that the necessary steps, if any, are taken to mitigate the risk. During 2020, Wärtsilä also initiated a more structured process for requesting the relevant key suppliers to provide business continuity plans for the production of Wärtsilä sourced components and services.

Lifecycle quality of products and product liability risk

Wärtsilä’s quality strategy focuses on preventive and proactive actions to deliver increased customer satisfaction, shorter lead times, and a reduced number of claims. To realise Wärtsilä’s quality vision, the strategy is focused towards effective project risk management and strengthened awareness and ownership, supported by a streamlined product improvement process.

The launching of new products always involves risks. In the R&D process, several risk management techniques are applied, including the risk elimination tool FMEA (Failure Modes and Effects Analysis) and in-house validation testing. Wärtsilä seeks to control quality risks by monitoring the incoming quality of the supply chain, and by designing and manufacturing its products with all due care. A non-destructive robotic ultrasonic data analysis procedure, which replaces manual scanning of critical components, enhances the probability of detecting imperfections in components with a complex geometry.

Wärtsilä applies a GATE model in order to control the product development process. Initially, only a limited release of new products is allowed, and via the gate approach, full release authority is given to the sales organisations only after testing and further validation has been completed.

Wärtsilä seeks to control its manufacturing quality risks by applying several assurance and quality control principles. The level of quality assurance and control requirements are determined based on component criticality, and they are applied throughout the delivery chain.

Requirement management is used to assess components systematically, enabling the allocation of resources and efforts according to component criticality. The ranking criteria indicates the consequence if a component fails. The objective is to improve quality proactively within product development, supply management, and the entire delivery process – from order intake to commissioning.

Non-conformity management at Wärtsilä focuses on developing and improving operations by registering and handling detected nonconformities. This ensures that the products and services received by customers are according to the agreed scope and specifications. Efficient handling, monitoring, and reviewing of non-conformities is crucial for proper risk management and mitigation.

Product improvement management (issue resolution) projects are prioritised based on risk and importance. Such a project is initiated when Wärtsilä identifies a technical issue according to claim statistics, customer feedback, or internal analysis, and the case fulfils the risk categorisation for a non-isolated case.

The businesses are responsible for supporting customers in all warranty issues. This offers a feedback loop from the field to production and R&D, while taking care of the customers’ installations throughout their lifecycle. The company makes warranty provisions to cover any costs that may arise after product delivery. The company’s product liability insurance covers unexpected damages.

Wärtsilä seeks to continuously improve the quality of its products and services through the adoption of best industry practices and good governance. Each business is responsible for the quality of their products and services. Management at all levels is responsible for the quality of output from their organisations and is accountable for ensuring that appropriate review and feedback mechanisms are in place. Wärtsilä’s business level quality and environmental management systems are ISO 9001:2015 and ISO 14001:2015 certified, with an emphasis on proactive risk and opportunity management. Migration to the new occupational health and safety ISO 45001:2018 standard version was completed during 2020.

Contractual risks

Wärtsilä’s equipment business includes projects and deliveries of various sizes. The most substantial orders concern power plants delivered on a complete EPC (engineering, procurement, and construction) basis, and major marine and energy delivery contracts requiring extensive coordination, efficient risk management, and the integration of contracted systems and solutions.

To avoid unforeseen cost overruns even in the most complex projects, Wärtsilä puts a strong emphasis on having correct processes and technical assessment controls in place. During the past two years, efforts have been made to introduce a more robust project risk management practice already in the sales phase. A focus on supplier approval and internal training also prevails. With these measures, Wärtsilä aims to ensure the quality of its project execution activities, and the upfront identification of project specific risks and opportunities.

The risk of product liability claims is reduced through the lifecycle quality of the company’s products and work. This applies from the initial design and continues through all stages of the production process to the eventual field service activities, and includes the use of standard sales contracts, as well as the establishment of a contract review process.

In activities related to lifecycle support, contractual risk is mainly related to long-term agreements and service projects, such as engine upgrades, retrofits, or modifications. In large scale performance-based agreements, the recognised contractual risk is related to the ability to manage and maintain assets as planned.

Risk of non-compliance, corruption and fraud

Wärtsilä complies with the law and its own internal policies and procedures everywhere the company does business. Wärtsilä’s Code of Conduct is the key guideline for all employees globally. Wärtsilä is committed to high ethical standards and integrity, and to preventing corruption and violations of the principles set forth in the Code of Conduct, as well as in Wärtsilä’s Anti-Corruption and Compliance Reporting policies, and has a whistle-blowing process in place for reporting misconduct incidents. Compliance processes are embedded in all of the businesses, and the responsibility for compliance and awareness of ethics and integrity is that of all Wärtsilä employees. Wärtsilä is fully committed to complying with anti-corruption laws and statutes. Wärtsilä’s Anti-Corruption Policy absolutely forbids any kind of corruption and bribery, and the top management of the company has a zero-tolerance policy regarding corruption and fraud.

The Compliance function promotes Group-wide compliance and continuously strives to raise awareness of the risk of corruption and bribery and other misconduct. It is primarily responsible for creating and enforcing Group level policies and procedures, training programmes, misconduct incident reporting, and internal compliance investigations, as well as for managing the consequences of misconduct, and reporting. The continuous development of Wärtsilä’s compliance programme and nurturing the company’s commendable ethical culture are pivotal tasks for the Compliance function. Moreover, Compliance supports and cooperates with the businesses and other corporate functions in their risk management efforts.

While Wärtsilä is aware of the risk of being subject to fraud by external business parties, and that the risk of corruption and fraud is heightened in many markets where the company operates, Wärtsilä maintains its highly ethical practices at all times. Full compliance with its stringent anti-corruption regime, including policies to prevent the corruption and bribery risk of third parties, is demanded by Wärtsilä.

Cyber and information security related risks

Wärtsilä has an experienced and professional internal organisation dedicated to the effective management of cyber security risks across Wärtsilä’s portfolio. This organisation, in cooperation with Wärtsilä’s businesses, delivers cyber security operational support. It also provides the associated governance, risk management, and assurance required to support and enable safe and secure internal operations, while ensuring that the businesses’ customer offerings are aligned with the relevant current and future regulations and applicable standards.

The Wärtsilä cyber security governance model is closely aligned with overall business risk management and supports the businesses and support functions in identifying and prioritising their respective cyber security risks. The cyber security team works seamlessly with physical security colleagues across Wärtsilä to ensure the effective and coordinated delivery of holistic security solutions for both the cyber and physical domains.

Information security risks related to Wärtsilä’s internal operations are continually identified, analysed, and evaluated. The attendant mitigation activities are executed across Wärtsilä’s networks, endpoints, systems, and services. The 24/7 Wärtsilä Security Operations Center continually monitors the perimeter to internal systems and closely observes the external threat exposure level, whilst providing a coordinated response to identified information security incidents, as and when they may occur.

The effective mitigation of risks associated with cyber security hygiene throughout Wärtsilä is continually and progressively reinforced through coordinated and complementary cyber security training, awareness initiatives, and extensive communications. This involves all Wärtsilä corporate functions and the businesses.

Wärtsilä has identified the need to mitigate the cyber security risks associated with its supply chain. The company is addressing this need through a comprehensive and risk-based approach, involving both increased opportunities for remote and objective assessment of some suppliers, as well as increased levels of communication with others.

Wärtsilä is one of the founding members of the Operational Technology Cyber Security Alliance (OTCSA) intended to provide a technical and organisational framework for safe and secure operational technology. This alliance aims to bridge dangerous gaps in security for operational technology and industrial control systems. As cyber criminals are seen to increasingly target operational technology used to control physical equipment such as those found in factories, power plants, ships, or ports, finding ways to collaborate with the ecosystem of suppliers, customers, and other partners, even competitors, is the best way to manage the continuously evolving threat landscape.

Privacy and data protection risks

The EU’s General Data Protection Regulation (GDPR) sets out the general framework for Wärtsilä’s data protection. Wärtsilä has global privacy notices to inform its personnel, customers, vendors, other stakeholders, and interest groups about the processing of personal data. Data protection implementation is supported by, and aligned with, group-wide privacy policies and processes. Mandatory GDPR training is in place for employees processing personal data, and tailored data protection training is provided for specific employee groups, Wärtsilä has also increasingly invested in the development of data protection platforms to support data protection management and implementation. Wärtsilä applies a risk-based approach to privacy and data protection, and continues to take further actions to strengthen privacy and data protection implementation in order to mitigate risks.

Commodity price risk


Oil

The direct effect of oil price changes on Wärtsilä’s production is limited, with their impact being mainly demand related. Higher oil prices represent a risk for global economic growth and increase operating costs, especially in the shipping markets. However, they also stimulate investments in exploration and production for oil and gas, both on land and offshore. Furthermore, high oil prices increase investments in gas carriers, gas-based power plants and, increasingly, also in gas-fuelled vessels. Low oil prices can delay investment decisions in oil producing countries and regions, as well as in the offshore industry. Wärtsilä is a global company involved in different shipping and power plant segments where oil price changes can have an opposing impact on demand drivers. This position is further diversified by the increasing importance of natural gas to Wärtsilä’s business.

Metals

Metal prices have an indirect effect on the component cost of Wärtsilä’s products. Some key components are sourced with long-term contracts, and raw material price volatility is, therefore, limited.

Electricity

Electricity prices have no substantial impact on Wärtsilä’s production costs. In the energy markets, high electricity prices support investments in new capacity by utility customers. Lower grid electricity prices do not favour investments by industrial customers in their own generating capacity.

© 2021 Wärtsilä