Tieto has four risk categories and they are: strategic, operational, financial and compliance risks.
Strategic risks are related to market volatility, IT market transformation to new technologies (including the rapid digitalization and automatization of society), change management, reskilling ability and speed, agility to respond to new entrants in the market, dependencies on few big customers in some business areas and ensuring delivery quality in the dynamic business environment.
Operational risks refer to changing the business model in business units, risk and continuity management, customer bidding and requirement analysis and maintaining a high professional standard in delivery management and quality assurance.
Financial risks mainly consist of credit risks, currency risks, interest rate risks and liquidity risks.
Compliance risks are connected to the organization failing to recognize or meet a great number of changes to requirements in the areas of legislation or other mandatory regulation (e.g. new General Data Protection Regulation, anti-corruption, anti- bribery, insider matters, trade compliance legislation), internal policies and rules or ethics and integrity
Risks are aggregated by utilizing the corporate GRC platform, resulting in risk maps that are reviewed by Leadership Teams in the units and the ARC. Tieto’s major risks and the measures for their mitigation are described below.
Changes in the Nordic core markets have a direct effect on market conditions and result in volatility that might have a negative impact on Nordic market growth. Changes in the economic environment and customer demand can affect both business volumes and price levels, which might result in lower income or slower income growth than expected.
These potential impacts are partly mitigated through multi-year contracts for continuous services. Tieto also aims to maintain long-term business relations and to be a preferred supplier to its key customers, including full stack IT deliveries.
The company executes tight cost and investment control with continuous investment performance monitoring, accompanied with a clear structure for decision rights, which are defined in the corporate decision making and authority policy. Global service capabilities, cross- selling and tough price competition are the main drivers in the IT sector for the development of the global delivery model. Tieto’s position as a leading enterprise cloud service provider in the Nordics is supported by existing and enhanced competencies, and by the choice of right partners.
Change and transformation
In large-scale adaptation to the market by organizational transformation and right-sizing, resistance to change can prolong the transition, which may affect operational efficiency long after the change.
The change management capacity is concentrated in a common programme management office (PMO), which provides standard tools and systems for the change, including communication, target setting and training for the transition period of strategy execution. PMO can also be used to plan reskilling, staffing and retention to respond to challenges from new entrants in the market.
As a very large proportion of Tieto’s sales and the majority of profits are generated in Finland, the company’s high market share in this country means that achieving growth there is challenging, but possible. Sweden is the second-biggest market and has clear growth potential. Additionally, around half of our current consulting-type revenue is from short- term contracts, but a strong order backlog compensates for this.
Sudden changes in the market environment, customer demand and customer strategies or the competitive landscape in these areas might harm Tieto’s operations and profitability.
To diversify the business, Tieto also provides services to a number of different industries and aims to develop its business mix with a view to providing full stack IT services and thereby strengthen its position amongst both current and new customers. An industrialized and standardized way of providing services and solutions is a means of improving competitiveness and reducing the risk.
Close to 100% availability is the basis of trust among customers and society. Thus, business continuity planning is a high priority in Tieto’s operational management in order to ensure that redundancy and fault tolerance are at the appropriate level.
To reduce the service continuity risk and to better understand the interdependencies in data centres, Tieto constantly reviews, maintains and improves its IT asset management, configuration management and monitoring systems. In addition to a comprehensive business interruption insurance portfolio, Tieto has recovery procedures and backup systems in place to handle potential service interruptions. Root cause analysis, best practices and experiences from previous incidents help in preparing for and in mitigating service continuity risk.
Quality costs related to customer bidding and delivery management
Inability to appropriately understand and analyse customers’ changing needs, their business processes and the exact requirements can lead to misjudgements in setting the scope of projects or services and, consequently, difficulties in meeting the specifications of customer agreements. This in turn can result in project overruns, operating losses or termination of customer contracts.
Tieto continuously gathers customer feedback to establish the requirement baselines and checklists for different business areas. Continuous improvement of the bid risk management, requirement analysis, delivery management and the quality assurance of the deliveries is carried out to mitigate the risk. Also, a specific risk management framework is used for better understanding of customer bidding and end-to-end risks, from sales to the closure of the delivery. In case of changes in customers’ business requirements, it is contractually agreed that the consequent changes in project deliveries are managed throughout the project organization in a standard manner.
Retention of employees
Fresh competition and demand for new services require ability and speed to reskill, attract new and retain existing competences and business knowledge for new service models and offerings. Tieto’s success builds on passion, innovation, attracting talent, skills renewal, business knowledge and the maturity of the organization. In addition, the performance of its employees and managers both locally and in its delivery centres worldwide is key to its success.
Inability to retain key employees and to recruit new talent with the required competence might have a negative impact on the company’s performance and strategy implementation. High employee turnover might also cause delays in customer projects, leading to penalties or loss of customer accounts.
To reduce these risks, Tieto implements unified delivery models across sites and offers its employees challenging jobs, diverse development possibilities, social recognition and training opportunities as well as interesting career paths through job rotation. Furthermore, the company has competitive compensation packages, including a company-wide incentive system. Attractive recruitment tools, strategies, talent management and competence development have a high strategic priority at Tieto. The company also focuses on Employer Branding to build and strengthen Tieto’s image as an attractive employer both internally and externally.
Changes in the general market environment and global economy can usher in additional financial risks. Credit risks might arise if customers or financial counterparties are not able to fulfil their commitments towards Tieto.
Under Tieto’s Credit Policy, the finance department together with the business organization is responsible for assessing customers’ creditworthiness, taking into account past experience, their financial position and other relevant factors. Credit risk regarding financial counterparties is managed by using counterparty limits, as set out in Tieto’s Treasury Policy.
A special focus has been put on raising awareness of credit risks with additional reporting and training processes. The collection process has been designed to better correspond to higher credit risks.
Tieto’s currency transaction exposure arises from foreign trade, cash management and internal funding in foreign currencies. Translating the balance sheets and income statements of Group companies into euros creates a translation exposure.
As a substantial proportion of the Group’s consolidated revenues are generated in Sweden, fluctuations of the Swedish krona against the euro may have an impact on the consolidated financial statements.
Tieto’s Treasury Policy defines the principles and risk limits under which Group Treasury manages currency risks.
Exceptional market conditions in the financial market might impose temporary limitations on raising new funding and lead to an increase in funding costs.
Group Treasury monitors and manages Tieto’s liquidity position by maintaining a sufficient loan and investment portfolio. Analyses of alternative financing sources for the company and their pricing are continuously updated. Tieto’s financial risks are described in full in the notes to the financial statements.
Governance of risk and compliance
At Tieto, governance, risk, and compliance (GRC) are closely linked and consistently defined in corporate policies and rules with proper controls. In the finance function, for example, financial reporting, compliance and risk monitoring are efficiently integrated into daily operations. Thanks to automated processes, Tieto can readily adapt to changes in business conditions, regulations or corporate policy with the necessary risk management controls.
Tieto has invested in process automation, which is seen as a way to improve quality and reduce costs. Well-drafted policies and rules are made available to assure that the implications of automation on risk and compliance are fully understood by all parties in the organization.