Risks at Tieto are categorized as strategic, operational, financial, and compliance risks.
Strategic risks are related to market volatility, IT market transformation to new technologies (including the rapid digitalization of the society), change management, ability and speed to re-skill, agility to response to new entrants in the market, dependencies on few big customers in some business areas, and ensuring the delivery quality in the dynamic business environment.
Operational risks refer to changing business model in business units, risk and continuity management, customer bidding and requirement analysis, and maintaining the high professional standard of the delivery management and quality assurance.
Financial risks mainly consist of credit risks, currency risks, interest rate risks and liquidity risks.
Compliance risks are connected to great number of changes of requirements in the areas of internal policies and rules, ethics and integrity, laws (anti-corruption, anti-bribery, insider matters, trade compliance legislation), and other external regulations, such as new EU level Data Protection Act.
Risks are aggregated by utilizing corporate risk reporting tools, resulting in risk maps which are reviewed by Leadership Teams in the units and the ARC. Tieto’s major risks as well as the measures for their mitigation are described below.
Changes in the Nordic core markets affect directly on market conditions and result in volatility that might have a negative impact of the Nordic market growth. Changes in the economic environment and customer demand can affect both business volumes and price levels, which might result in lower income or slower income growth than expected.
These potential impacts are partly mitigated through multi-year contracts for continuous services. Tieto also aims to maintain long-term business relations and to be a preferred supplier to its key customers, including full stack IT deliveries. The company executes tight cost and investment control with continuous investment performance monitoring, accompanied with a clear structure for decision rights. Global service capabilities, cross-selling and tough price competition are the main drivers in the IT sector for the development of the global delivery model. Tieto’s position as leading enterprise cloud service provider in the Nordics is supported by existing and enhanced competencies, and by the choice of right partners.
Change and transformation
In large scale adaptation to the market by organizational transformation and right-sizing, the change resistance can prolong the transition, which may affect the operational efficiency long after the change.
The change management capacity is concentrated in a common program management office (PMO), which provides standard tools and systems for the change, including communication, target setting, and training for the transition period of strategy execution. PMO can also be used to plan re-skill and staff retention to response to challenges from new entrants in the market.
Dependence on big customers and few markets or industries
A very big portion of Tieto’s sales and the majority of profits are generated in Finland, the high market share in Finland makes the growing in Finland challenging, but possible. Sweden is the second-biggest market and with clear growth potential. Additionally, around half of our current CSI revenue are from short term contracts, but Tieto has a strong order backlog which compensates this. Sudden changes in the market environment, customer demand and customer strategies or the competitive landscape in these areas might harm Tieto’s operations and profitability.
To diversify the business, Tieto also provides services to a number of different industries and aims to develop its business mix with a view to provide full stack IT services and by this, to strengthen its position amongst both current and new customers. An industrialized and standardized way of providing services and solutions is a measure to improve competitiveness and reduce the risk.
Close to 100% availability is the basis of the trust towards customers and to the society. Thus, business continuity planning is a high priority in Tieto’s operational management; this includes careful reviews of the services and systems to avoid single point of failure patterns.
To reduce the service continuity risk and better understand the interdependencies in data centers, IT asset management, configuration management and monitoring systems are constantly reviewed, maintained and improved. In addition to a comprehensive business interruption insurance portfolio, Tieto has recovery procedures and backup systems in place to handle potential service interruptions. Incident analysis, best practices and experiences from previous incidents help in preparing for and mitigating service continuity risk.
Quality costs related to customer bidding and delivery management
Inability to appropriately understand and analyze customers’ changing needs, their business processes and the exact requirements can lead to misjudgments in setting the scope of projects or services and, consequently, difficulties in meeting the specifications of customer agreements. This in turn can result in project overruns, operating losses or termination of customer contracts.
Tieto continuously gathers customer feedback to establish the requirement baselines and checklists for different business areas. Continuous improvement of the bidding risk management, requirement analysis, delivery management and the quality assurance of the deliveries, is carried out to mitigate the risk. Also specific risk assessment tools are used for better understanding of customer bidding and end-to-end risk management, from sales to the closure of the delivery. In case of changes in customers’ business requirements, it is contractually agreed that the consequent changes in project deliveries are managed throughout the project organization in a standard manner.
Retention of employees
Fresh competition and demands for new services requires ability and speed to re-skill, attract new and retain existing competences and business knowledge for new service models and offerings. Tieto’s success builds on passion, innovation, attraction of talent, skills renewal, business knowledge and maturity of the organization. In addition, the performance of its employees and managers both locally and in its delivery centres worldwide are key to success.
Inability to retain key employees and to recruit new talent with the required competence might have a negative impact on the company’s performance and strategy implementation. High employee turnover might also cause delays in customer projects, leading to penalties or loss of customer accounts.
To reduce these risks, Tieto implements unified delivery models across sites and offers its employees challenging jobs, diverse development possibilities, social recognition, and training opportunities as well as interesting career paths through job rotation. Furthermore, the company has competitive compensation packages, including a company-wide incentive system. Attractive recruitment tools & strategies, talent management and competence development have a high strategic priority at Tieto. The company also focuses on Employer Branding to build and strengthen Tieto’s image as an attractive employer both internally and externally.
Changes in the general market environment and global economy can usher in additional financial risks. Credit risks might arise if customers or financial counterparties are not able to fulfil their commitments towards Tieto.
Under Tieto’s Credit Policy, the finance department together with the business organization is responsible for assessing customers’ creditworthiness, taking into account past experience, their financial position and other relevant factors. Credit risk regarding financial counterparties is managed by using counterparty limits, as set out in Tieto’s Treasury Policy.
A special focus has been put on raising awareness of credit risks with additional reporting and training processes. The collection process has been designed to better correspond to higher credit risks.
Tieto’s currency transaction exposure arises from foreign trade, cash management and internal funding in foreign currencies. Translating the balance sheets and income statements of Group companies into euros creates a translation exposure.
As a substantial proportion of the Group’s consolidated revenues are generated in Sweden, fluctuations of the Swedish krona against the euro may have an impact on the consolidated financial statements.
Tieto’s Treasury Policy defines the principles and risk limits under which Group Treasury manages currency risks.
Exceptional market conditions in the financial market might impose temporary limitations on raising new funding and lead to an increase in funding costs.
Group Treasury monitors and manages the liquidity position of Tieto by maintaining sufficient loan and investment portfolio. Analyses of alternative financing sources for the company and their pricing are continuously updated. Tieto’s financial risks are described in full in the notes to the financial statements.
Governance of risk and compliance
In Tieto, governance, risk, and compliance (GRC) are closely linked and consistently defined in corporate policies and rules with proper controls. In the finance function, for example, financial reporting, compliance and risk monitoring are efficiently integrated into daily operations. Thanks to automated processes Tieto can readily adapt to changes in business conditions, regulations or corporate policy with the necessary risk management controls.
Tieto has invested in process automation, which is seen as a way to improve quality and reduce costs. Well-drafted policies and rules are made available to assure that the implications of automation on risk and compliance are fully understood by all parties in the organization.