Risks at Tieto are categorized as strategic, operational, financial, and compliance risks.
Strategic risks are related to market volatility, IT market transformation to new technologies (including the digitalization of the society), change management, ability and speed to re-skill, agility in response to new entrants in the market, dependencies on a few big customers in some business areas, and stabilizing the delivery quality in the dynamic business environment.
Operational risks refer to the changing business model in continuous services, risk and continuity management, customer bidding and requirement analysis, and maintaining high professional standards in delivery management and quality assurance.
Financial risks mainly consist of credit risks, currency risks, interest rate risks and liquidity risks.
Compliance risks are connected to a great number of changes in requirements in the following areas: internal policies and rules, ethics and integrity, laws (anti-corruption, anti-bribery, insider matters, trade compliance legislation), and other external regulations.
Risks are aggregated by utilizing corporate risk reporting tools, resulting in risk maps that are reviewed by Leadership Teams in the units and the Audit and Risk Committee. Tieto's major risks and the measures for their mitigation are described below.
Changes in the Nordic core markets have a direct effect on market conditions and result in volatility that might have a negative impact on Nordic market growth. Changes in the economic environment and customer demand could possibly affect both business volumes and price levels, which might result in slower income growth than expected.
These potential impacts are partly mitigated through multi-year contracts for continuous services. Tieto also aims to maintain long-term business relations and to be a preferred supplier to its key customers. The company executes tight cost and investment control with continuous investment performance monitoring, accompanied with a clear structure for decision rights. Global service capabilities, cross-selling and tough price competition are the main drivers in the IT sector for the development of the global delivery model. Tieto aims at being the leading enterprise cloud provider in the Nordics. This is supported by existing competencies, the choice of right partners and development of cloud skills.
Change and transformation
In large scale adaptation to the market by means of organizational transformation and right-sizing, resistance to change can prolong the transition, which may affect operational efficiency long after the change. In case of extensive outsourcing, saturation could limit the solution portfolio and the cost of offshore locations might increase. Keeping the right balance between resources and focus and clarity in solution portfolios in the home markets and in the emerging markets is essential. The change management capacity is concentrated in a common programme management office (PMO), which provides standard tools and systems for the change, including communication, target setting, and training for the transition period of strategy execution. PMO can also be used to plan re-skill and staff retention measures in response to challenges from new entrants in the market.
Dependence on big customers and few markets or industries
Close to 50% of Tieto's sales and the majority of profits are generated in Finland, where Tieto's high market share makes growth challenging. Sweden is the second-biggest market and has clear growth potential. The telecom and financial services customer sectors account for close to half of the company's sales. Additionally, around half of our current services are non-recurring services. Sudden changes in the market environment, customer demand and customer strategies or the competitive landscape in these areas might harm Tieto's operations and profitability.
To diversify the business, Tieto also provides services to a number of other industries and aims to develop its business mix with a view to providing full stack IT services and thereby strengthen its position amongst both current and new customers. An industrialized and standardized way of providing services and solutions is a means of improving competitiveness and reducing risk.
Zero downtime is the basis of fostering the trust of customers and society. Thus, business continuity planning is a high priority in Tieto's operational management; this includes careful reviews of the services and systems to avoid single point of failure patterns.
To reduce the service continuity risk and better understand the interdependencies in data centres, IT asset management, configuration management and monitoring systems are constantly reviewed and maintained. In addition to a comprehensive business interruption insurance portfolio, Tieto has recovery procedures and backup systems in place to handle potential service interruptions. Incident analysis, best practices and experiences from previous incidents help in preparing for and mitigating service continuity risk.
Quality costs related to customer bidding and delivery management
Inability to appropriately understand and analyze customers changing needs, their business processes and the exact requirements can lead to misjudgements in setting the scope of projects or services and, consequently, difficulties in meeting the specifications of customer agreements. This in turn can result in project overruns, operating losses or termination of customer contracts. In some cases, even the company's brand might be tarnished.
Tieto continuously gathers customer feedback to establish the requirement baselines and checklists for different business areas. Bidding risk management, requirement analysis, delivery management and the quality assurance of the deliveries are continiously improved to mitigate the risk. Also specific risk assessment tools are used to enhance understanding of customer bidding and end-to-end risk management, from sales to the closure of the delivery. In case of changes in customers business requirements, it is contractually agreed that the consequent changes in project deliveries are managed throughout the project organization in a standard manner.
Retention of employees
In order to respond to fresh competition and demands for new services, we require the ability and speed to re-skill, attract new and retain existing competences and business knowledge for new service models and offerings. Tieto's success is built on passion, innovation, attracting talent, skills renewal, business knowledge and maturity of the organization. In addition, the performance of its employees and managers both locally and in its delivery centres worldwide are vital to success.
Inability to retain key employees and to recruit new talent with the required competence might have a negative impact on the company's performance and strategy implementation. High employee turnover might also cause delays in customer projects, leading to penalties or loss of customer accounts.
To reduce these risks, Tieto implements unified delivery models across sites and offers its employees challenging jobs, diverse development possibilities, social recognition, and training opportunities as well as interesting career paths through job rotation. Furthermore, the company has competitive compensation packages, including a company-wide incentive system. Attractive recruitment tools and strategies, talent management and competence development have a high strategic priority at Tieto. The company also focuses on Employer Branding to build and strengthen Tieto's image as an attractive employer both internally and externally.
Changes in the general market environment and global economy can usher in additional financial risks. Credit risks might arise if customers or financial counterparties are not able to fulfil their commitments towards Tieto.
Under Tieto's Credit Policy, the finance department together with the business organization is responsible for assessing customers creditworthiness, taking into account past experience, their financial position and other relevant factors. Credit risk regarding financial counterparties is managed by using counterparty limits, as set out in Tieto's Treasury Policy.
A special focus has been put on raising awareness of credit risks with additional reporting and training processes. The collection process has been designed to better correspond to higher credit risks.
Tieto's currency transaction exposure arises from foreign trade, cash management and internal funding in foreign currencies. Translating the balance sheets and income statements of Group companies into euros creates a translation exposure.
As a substantial proportion of the Group's consolidated revenues are generated in Sweden, fluctuations of the Swedish krona against the euro may have an impact on the consolidated financial statements.
Tieto's Treasury Policy defines the principles and risk limits under which Group Treasury manages Tieto's currency risks.
Exceptional market conditions in the financial market might impose temporary limitations on raising new funding and lead to an increase in funding costs.
Group Treasury monitors and manages Tieto's liquidity position by maintaining a sufficient loan and investment portfolio. Analyses of alternative financing sources for the company and their pricing are continuously updated. Tieto's financial risks are described in full in the notes to the financial statements.
In Tieto, governance, risk, and compliance (GRC) are closely linked and consistently defined in corporate policies and guidelines with proper controls. In the finance function, for example, financial reporting, compliance and risk monitoring are efficiently integrated into daily operations. Thanks to automated processes and compliance management tools, Tieto can readily adapt to changes in business conditions, regulations or corporate policies with the necessary compliance risk controls in place.