For us, business ethics means safeguarding ethical business practices to ensure that we act as a good corporate citizen. We actively work to implement our Code of Conduct and related rules throughout our operations and value chain. Our interactive Code of Conduct and Anti-corruption e-learning is mandatory for all employees, and tailored for our type of business.
Corruption, human rights breaches and other unethical activities if occurring in any part of our value chain, could, apart from damaging Tieto, have an impact on external and internal stakeholders of the company as well as society. Tieto as a company, including our Board of Directors and top management, has zero tolerance for corrupt and unethical behaviour, and we see the implementation of ethical values and work practices throughout our value chain as a vital part of our corporate responsibility. Naturally, we adhere to local legislation in the countries where we operate, for instance the UK Bribery Act and US Foreign Corrupt Practices Act (FCPA).
Policies and rules governing business ethics
Our Code of Conduct policy summarizes our ethical values and is based on the United Nations Global Compact principles on human rights, labour rights, anti-corruption and environment, and the OECD Guidelines for Multinational Enterprises. The code applies to all our operations and to any party contributing to our services, products and other business activities. At Tieto, the Code of Conduct is a part of the employment contract, and thus must be accepted by all new employees when joining the company. In addition, employees are expected to refresh their knowledge on the content of the Code of Conduct on a yearly basis by taking a Code of Conduct e-learning course.
Among other things, the Tieto Code of Conduct defines our environmental practices, and human rights and workplace practices regarding non-discrimination, equal opportunities and a safe working environment. Furthermore, it specifies our corporate practices regarding conflicts of interest, gifts and bribes, and the safeguarding of our corporate assets, to all of which we adhere. Our Code of Conduct also states that we do not take political stances, nor give financial or in-kind contributions to political parties or institutions.
To highlight specific sections of the Code of Conduct policy, we have separate rules providing more detailed guidance. One example is the Anti-Corruption Rule, which provides practical guidelines on how to avoid unethical behaviour, and advises employees on how to evaluate different types of situations one may encounter at work. We recognize that corruption is still a major ethical problem in society globally and is to be addressed by all enterprises and organisations. Our Anti-corruption Rule is tailored for our type of business, and applies to all our employees in all countries of operation.
We also have a separate Competition Law Compliance Rule. In today’s rapidly changing world with new business models emerging, enterprises often change roles from being competitors to being suppliers or partners, and vice versa. Thus, clear guidance for employees to assess what kind of behaviour is considered appropriate when interacting with other companies on the market, and to recognize when to seek the advice of our Legal function, is needed.
Furthermore, we have an environmental rule which outlines the precautionary approach to environmental management at Tieto and in the value chain. This rule is compliant with ISO 14001 requirements.
To clarify the ethical guidelines applying to our suppliers we have a separate Supplier Code of Conduct Rule, which is also based on the United Nations Global Compact and OECD Guidelines for Multinational Enterprises. This rule is implemented in all new supplier contracts with regular suppliers. More detailed information about our supply chain management is available in the Procurement and supply chain section of this report.
The Code of Conduct policy and its rules are owned by our Head of Corporate Responsibility and coordinated by our CR function. Managers are responsible for ensuring that the content and the spirit of the CR policy and rules are communicated, understood and acted upon within their respective organizations.
At Tieto, our Operative Decision Making and Authority Policy describes the overall operative decision making rules and authorities in the company. One example is the distribution of assets, such as philanthropic donations. At Tieto, these require approval by our Board of Directors.
Implementing ethical business practices in daily business operations
Communication on the content of the Code of Conduct policy and rules is an important part of our CR work. Our combined Code of Conduct and Anti-corruption e-learning was launched at the end of 2014, and is mandatory for all employees. In addition to accepting the code when joining Tieto, employees are expected to take a yearly refreshment module. The Code of Conduct and Anti-corruption e-learning is interactive and utilizes realistic case studies. Employees’ knowledge of the topics is tested by a quiz at the end. By the end of January 2016, 73% of employees with active assignments had passed this e-learning. Targeted communication to employees and managers will continue in 2016 to reach full employee coverage.
Communication with suppliers is handled by our Procurement team. Apart from systematically implementing the Supplier Code of Conduct Rule, we run targeted programmes on a yearly basis. Our Supplier Sustainability Programme and Supplier One Programme are two examples, which are presented in the Procurement and supply chain section of this report.
Monitoring and follow-up of unethical behaviour
Our approach to unethical behaviour is embedded in our proactive awareness campaigns, continuous monitoring and follow-up processes. To evaluate the risks for unethical behaviour, such as corruption, we conduct internal and external audits as well as specific fraud investigations assisted by external experts.
Internal audits are conducted by our Internal Audit function according to the annual plan based on risks found. The aim is to ensure that Tieto as a company complies with the laws, regulations and customer agreements in force, as well as policies and guidelines, in all our operations. Our Internal Audit Policy outlines the internal audit’s objectives, intentions, directions, responsibilities, and possible consequences in terms of risk control, auditing, expediency, and ethics. The policy covers governance, risk management and business processes, and applies to all employees.
Some internal investigations are also initiated by whistle-blowing. Our whistle-blowing process allows anonymous and confidential reporting on violations of the Code of Conduct and related rules or any unethical behaviour to the General Counsel of the company. This process is designed to ensure that persons reporting violations will not be subject to any retaliation. Failure to act in compliance with the Code of Conduct can result in appropriate disciplinary actions.
External financial audits are conducted by an external party and vary between full scope and statutory, depending on size of business operations and specific needs.
For 2015, we have concluded that no breaches of our Code of Conduct took place.
Internal whistle-blowing escalations generated four internal audits in four different countries in eight sites, altogether covering approximately 25% of employees. These audits included analysis of risks of corruption and bribery, diversion, conflict of interest, related party action, disbursement, and suspected false invoicing and skimming. However, the results of these audits concluded there were no confirmed incidents of corruption. The cases did not cause any harm or loss for Tieto as an internal control system was in place. For 2015, there were no confirmed incidents with business partners or any legal cases regarding corruption brought against our organization or employees.
External financial audits also include testing of transactions as well as assessment of possible risks of corruption. In addition, the scope of the testing may also cover ad-hoc audit assignments to evaluate the efficiency of the risk controls in place. No findings of misconduct were discovered in the financial audits in 2015.
Similarly, no discrimination cases were found in 2015.