For us, business ethics means safeguarding ethical business practices to ensure that we act as a good corporate citizen. We actively work to implement our Code of Conduct and related rules throughout our operations and value chain.
Corruption, human rights breaches and other unethical activities if occurring in any part of our value chain, could, apart from damaging Tieto, have an impact on external and internal stakeholders of the company as well as society. Tieto as a company, including our Board of Directors and top management, has zero tolerance for corrupt and unethical behaviour, and we see implementation of ethical values and work practices throughout our value chain as an important part of our corporate responsibility (CR) work. Naturally, we adhere to local legislation in the countries where we operate, for instance the UK Bribery Act and US Foreign Corrupt Practices Act (FCPA).
The majority of our business operations are located in countries that may be considered to be cleaner from corruption, i.e. based on Transparency International 2014 Corruption Perceptions Index measuring public sector corruption. Prior to acquisitions and large outsourcing, we strive to conduct thorough due diligence processes in order to map out any potentially corrupt behaviour before the deal is closed. Other controls to prevent misconduct and fraud are, for example, segregation of duties and rotation of key roles in management and finance.
As a large IT services provider with global business operations, we recognize that human rights issues concern also Tieto, although our potential risks are mainly related to our supply chain. In 2014, we strengthened CR management of our supply chain. These activities are described in more detail in the ‘Procurement and supply chain’ text.
Policies and rules governing business ethics
Our Code of Conduct policy summarizes our ethical values and is based on the United Nations Global Compact principles in the areas of human rights, labour rights, anti-corruption and the environment, and the OECD Guidelines for Multinational Enterprises. The code applies to all our operations and to any party contributing to our services, products and other business activities. The Code of Conduct is a part of the employment contract at Tieto, thus must be accepted by all new employees when joining the company. In addition, employees are expected to refresh their knowledge on the content of the Code of Conduct on a yearly basis by taking a Code of Conduct e-learning.
Among other things, the Tieto Code of Conduct defines our environmental practises, and human rights and workplace practices regarding non-discrimination, equal opportunities and a safe working environment. Furthermore, it specifies our corporate practices regarding conflicts of interest, gifts and bribes, and the safeguarding of our corporate assets, all of which we adhere to. Our Code of Conduct also states that we do not take political stances. Nor do we give financial or in-kind contributions to political parties or institutions.
To highlight specific sections of the Code of Conduct policy, we have separate rules providing more detailed guidance. One example is the Anti-Corruption Rule, which provides practical guidelines on how to avoid unethical behaviour, and advises employees on how to evaluate different types of situations one may encounter at work. We recognize that corruption still is a major ethical problem in society globally and is to be addressed by all enterprises and organisations. Our Anti-corruption Rule is tailored for our type of business, and applies to all our employees in all countries of operation.
We also have a separate Competition Law Compliance Rule. In today’s rapidly changing world with new business models emerging, enterprises often change roles from being competitors to being suppliers or partners, and vice versa. Thus, clear guidance for employees to assess what kind of behaviour is considered appropriate when interacting with other companies on the market, and to recognize when to seek the advice of our Legal function, is needed.
Our environmental rule outlines the precautionary approach to environmental management at Tieto and in the value chain. The rule is compliant with ISO 14001 requirements.
To clarifiy the ethical guidelines applying to our suppliers we have a separate Supplier Code of Conduct Rule, which is also based on the United Nations Global Compact and OECD Guidelines for Multinational Enterprises. This rule is implemented in all new supplier contracts with regular suppliers. For more information about our supply chain management, please read the ‘Procurement and supply chain’ text.
Communication on the content of the Code of Conduct policy and rules is an important part of our CR work. At the end of 2014, we launched a new combined Code of Conduct and Anti-corruption e-learning to further strengthen awareness and knowledge of our ethical values and guidelines throughout operations. This new e-learning is interactive and utilizes realistic case studies. Employees’ knowledge of the topics is tested by a quiz at the end. By the end of January 2015, 74% of employees had passed this new e-learning. Furthermore, in 2013–2014, 36% of our management (level 1–3), sales teams, and alliance and procurement teams had taken our Competition Law e-learning. To strengthen communication with suppliers, we among other things launched a supplier relationship management programme (Supplier One) in 2014 for a limited number of our top vendors. The purpose of this programme is to improve collaboration with our most significant suppliers by setting joint targets for the collaboration, formal governance and follow-up on vendors’ performance and how they adhere to the Supplier Code.
The Code of Conduct policy and its rules are owned by our Head of Corporate Responsibility and coordinated by our CR function. Managers are responsible for ensuring that the content and the spirit of the CR policy and rules are communicated, understood and acted upon within their respective organizations.
At Tieto, our Operative Decision Making and Authority Policy describes the overall operative decision making rules and authorities in the company. One example is the distribution of assets, such as philanthropic donations. At Tieto, these require approval by our Board of Directors.
As per Tieto's compliance requirements, policies and rules are reviewed annually and updated if needed. The latest review of the Code of Conduct policy and related rules took place at the end of 2014, and concluded that no updates were needed.
Monitoring and follow-up of unethical behaviour
Our approach to unethical behaviour is embedded in our proactive awareness campaigns, continuous monitoring and follow-up processes. To evaluate the risks for unethical behaviour, such as corruption, we conduct internal and external audits as well as specific fraud investigations assisted by external experts.
Internal audits are conducted by our Internal Audit function according to the annual plan based on risks found. The aim is to ensure that Tieto as a company complies with the laws, regulations and customer agreements in force, as well as policies and guidelines, in all our operations. Our Internal Audit Policy outlines the internal audit’s objectives, intentions, directions, responsibilities, and possible consequences in terms of risk control, auditing, expediency, and ethics. The policy covers governance, risk management and business processes, and applies to all employees.
Some internal investigations are also initiated by whistle-blowing. Our whistle-blowing process allows anonymous and confidential reporting on violations of the Code of Conduct and related rules or any unethical behaviour to the General Counsel of the company. The process is designed to ensure that persons reporting violations will not be subject to any retaliation. Failure to act in compliance with the Code of Conduct can result in appropriate disciplinary actions.
External financial audits are conducted by an external party and vary between full scope and statutory, depending on size of business operations and specific needs.
For 2014, we have concluded that no breaches of our Code of Conduct or related rules took place.
Internal whistle-blowing escalations generated two internal audits in three business units in three different countries, altogether covering approximately 6.2% of employees. These audits included analysis of risks of corruption and bribery, diversion, conflict of interest, related party action, disbursement, and suspected false invoicing and skimming. However, the results of these audits concluded there were no confirmed incidents of corruption. The cases did not cause any harm or loss for Tieto as an internal control system was in place. For 2014, there were no confirmed incidents with business partners or any legal cases regarding corruption brought against our organization or employees.
External audits in 2014 covered 100% of our employees in all business operations and countries. Testing of transactions as well as possible risks of mismanagement or corruption are always included in the financial audits. In addition, the scope may also include risky business operations and ad-hoc audit assignments to evaluate the efficiency of the risk controls in place. No findings of misconduct were discovered in the financial audits in 2014.
Similarly, no confirmed discrimination cases were found in 2014. Three incidents have been investigated, of which two investigations have been concluded.