Wärtsilä has defined its objectives for internal control based on the international COSO framework. According to Wärtsilä's definition, internal control is a process taken part by Wärtsilä's Board of Directors, management, the Boards of Directors of Group companies and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Internal control covers all the policies, processes, procedures and organisational structures in Wärtsilä that help management and ultimately the Board to ensure that Wärtsilä is achieving its objectives, that the business conduct is ethical and in compliance with all applicable laws and regulations, and that the company's assets, including its brand, are safeguarded and that financial reporting is correct. Internal control is not a separate process or set of activities, but it is embedded in the operations of Wärtsilä. The system of internal control operates at all levels of Wärtsilä. Wärtsilä maintains and develops its internal control system with the ultimate aim of improving its business performance, and at the same time to comply with laws and regulations in countries where it operates.
Planning and target setting, an integral part of performance management in Wärtsilä, are a regular management activity and not part of Wärtsilä's internal control system. The establishment of objectives, however, is an important prerequisite for internal control. Through the performance management process, financial and non-financial targets are set for Wärtsilä annually on the Group level. Group level targets are then translated into targets for Businesses and WIO, Group Companies, and eventually individuals.
The achievement of the annual targets is followed up through monthly management reporting. The performance of the Businesses and WIO and achievement of the annual targets are reviewed on a monthly basis in the respective Management Team meetings. The performance and the achievement of the targets of the Group and of the different Businesses and WIO are reviewed on a monthly basis by the Board of Management. The respective Management Teams and the Board of Management also address the reliability of Wärtsilä's financial reporting.
Financial reporting in Wärtsilä is carried out in a harmonised way in all major Group Companies, using single instance ERP system and a common chart of accounts. The international financial reporting standards (IFRS) are applied in the whole Group. Wärtsilä's finance and control process is essential for the functioning of internal control. Adequate controls in the financial management and accounting processes are needed to ensure the reliability of financial reporting.
The Board of Directors regularly assesses the adequacy and effectiveness of Wärtsilä's internal controls and risk management. It is also responsible for ensuring that internal control over accounting and financial administration is arranged appropriately. The Audit Committee of the Board of Directors of Wärtsilä Corporation is responsible for overseeing the financial reporting process. The Group Finance & Control function is responsible for notifying relevant levels of management of deviations from plans, for analysing the underlying reasons, and for suggesting corrective actions. The Group Finance and Control supports the Businesses and WIO in decision-making and analysis to ensure attaining financial targets. It is also responsible for maintaining and developing the company's performance management processes so that the management at different levels of the organisation is able to receive timely, reliable and adequate information regarding the achievement of the organisation's objectives, and also for developing the financial reporting processes and respective controls.
Legal and compliance management
Legal and compliance management practices and processes are also central in Wärtsilä's system of internal control. It is Wärtsilä's policy to act in accordance with the applicable laws and regulations in all countries where it operates.
Legal and compliance management act predominantly in a proactive manner. A key activity is to strengthen and ensure the culture of appropriate conduct and behaviour both internally and in external business transactions. Company-wide control mechanisms and processes are a part of the overall internal control system.
Human resource management practices and processes have a fundamental role in Wärtsilä's system of internal control. Wärtsilä's key human resource management processes with respect to internal control are compensation and benefits, HR development, recruitment and resourcing management and individual performance management, as well as processes for collecting feedback from the employees. These processes for their part help ensure the effectiveness of internal control in Wärtsilä. The HR function is responsible for maintaining and developing Wärtsilä's HR processes to enable effective internal control also on the individual level.
Other management systems
The Board of Management is responsible for developing and implementing Wärtsilä's management system, for continuously improving its performance and ensuring that it operates effectively. The Wärtsilä management system covers all global processes and management procedures in Wärtsilä related to fulfilling customer requirements. The proper functioning of the aspects of the management system highlighted below ensure for their part attaining Wärtsilä's internal control objectives.
The quality of Wärtsilä's solutions, and thus quality management, is a top priority in Wärtsilä. Compliance with Wärtsilä's Quality Management System ISO 9001:2000 is compulsory throughout the Group and compliance with the system is rigorously monitored.
Wärtsilä is strongly committed to sustainability. Wärtsilä's vision, mission and values together with a solid financial performance form the basis for sustainable development in Wärtsilä. Furthermore, significant attention is paid to social and environmental sustainability of Wärtsilä's operations.
Internal control in Wärtsilä is designed to support the company in achieving its targets. The risks related to the achievement of the targets need to be identified and evaluated in order to be able to manage them. Thus, identification and assessment of risks is a prerequisite for internal control in Wärtsilä. Wärtsilä's internal control mechanisms and procedures provide management assurance that the risk management actions are carried out as planned.
Wärtsilä has defined and implemented entity level and process level control activities as well as information systems controls. Control activities at different levels are needed to directly mitigate risks at the respective levels. Wärtsilä's risk management processes consist of a Group-wide risk assessment and management processes, as well as project-specific risk assessments and project risk management. The Group-wide risk assessment process results in the creation of action plans for the identified and prioritised risks.
Each Business and WIO reports its main risks to the Board of Management of Wärtsilä which also follows up the execution of the defined risk management action plans on a regular basis. The Board of Directors of Wärtsilä Corporation is responsible for defining the Group's overall level of risk tolerance and for ensuring that Wärtsilä has adequate tools and resources for managing risks. The President & CEO, with the assistance of the Board of Management, is responsible for organising and ensuring risk management in all Wärtsilä's operations. Business and WIO management is responsible for defining action plans for managing the most important risks.
Wärtsilä's most important strategic, operative and financial risks can be found in the Risks and risk management section.
Information management plays a key role in Wärtsilä's internal control system. Information systems are critical for effective internal control as many of the control activities are programmed controls.