Risk Management and Controls

Risk Management

The objective of Vaisala’s risk management is to identify and manage material risks related to strategy implementation and business operations. Vaisala has a risk management policy which has been approved by the Board of Directors, and which covers the Company's strategic, operational, hazard and financial ​financial risks. The policy aims at ensuring the safety of the Company's personnel, operations and products, as well as the continuity and compliance of business operations.

The Board of Directors defines and approves risk management principles and policies, and assesses the effectiveness of risk management. The Audit Committee reviews compliance with risk management policy and processes.

Vaisala’s Risk Management Steering Group comprises key internal stakeholders. The Steering Group is responsible for the operational oversight of the risk management process and assuring that all significant risks are identified and reported, and risks are acted upon on all necessary organizational levels and geographical locations.

Risk management is integrated into key business processes and operations. This is accomplished by incorporating applicable risk identification, assessment, management and risk reporting actions into the core processes. The most significant risks are reported to the Vaisala.

Near-term Risks and Uncertainties

Uncertainties in political situation and governmental customers’ budgetary constraints may reduce demand for Vaisala’s products and services or slow down customer projects.

Delay in developing applications for digital solutions as well as acquiring and in building related competences for sales and business operations may slow down growth in Weather and Environment Business Area. Closing of infrastructure projects in Weather and Environment Business Area may be postponed by budgetary constraints, complex customer decision making processes, changes in scope, and financing. Thus, Vaisala’s financial performance may vary significantly over time.

Prolonged new product ramp-ups and market acceptance of new offering, such as power transformer monitoring products, supplementary air quality network sensors, and continuous monitoring systems, may postpone the realization of Vaisala’s growth plans. Weakness in introducing new technologies and applications may result in erosion of price premium or loss of cost competitiveness and market position.

Long interruption in production or test equipment or disruption in suppliers’ and subcontractors’ delivery capability or product quality may impact significantly Vaisala's net sales and profitability. Cyber risk and downtime of IT systems may impact operations, delivery of information services or internet-based services, or cause financial loss.

Vaisala’s capability to successfully complete investments, acquisitions, divestments and restructurings on a timely basis and to achieve related financial and operational targets may include uncertainties and risks, which may negatively impact net sales and profitability.

Half Year Financial Report 2017, July 20, 2017

 

Risk Map

Vaisala's business operations are subject to various risks which may have an adverse effect on the company. The list below is not complete but it explains some of the risks with their potential impacts and how Vaisala manages those risks today.

Strategic Risks

 
Risk Impact Management
Global lowering of price level and gradual loss of price premium Lower gross margin Continued focus on product leadership
    Strive for outstanding customer experience and superior product quality
    Cost reduction
​Customer budget cuts in developed countries and political unrest in developing economies Reduced revenue​ ​Regional sales capabilities
    Sales model for upgrades
Success of growth in information service businesses not meeting targets Reduced return on investments Strong engagement with target industries
    Frequent business follow-ups
    Efficient sales execution
New product introduction and/or entry to new markets slower than planned Delayed return on investment, cost overruns due to engineering of legacy products Sales organization and channel development
    Early product piloting and concepting
    R&D support for production ramp-up

Operational Risks

 
Risk Impact Management
Availability of IT systems Interruptions to operations, especially manufacturing Stabilization of operational IT environment, shortening of resolution time of critical incidents
    Change management process with impact analysis and formal approvals
Business continuity risks  Delays in deliveries, and consequent loss of customers Active supplier risk assessment
related to suppliers Supplier base optimization
    Long-term supplier development plans
    Strategic supplier continuity audits
Cyber risks Interrupts to operations or information services Information Security Management System (ISMS) creation and deployment
  Financial loss Cyber insurance
  Loss of trade secrets or personal data
Change management performance Reduced revenue or profitability caused by failed or delayed investment, acquisition, divestment or restructuring projects Continuous progress follow-up
    Resource allocation for critical projects
Project delivery performance and interdependencies Uncertainty of revenue forecasting, lower profitability Continuous sales and delivery process follow-up and improvement
Political, legislative or  Loss of market potential, or increased cost of accessing a market Geographic and market diversity of business
regulatory changes Market and regulatory foresight
​Inventory risk ​Reduced profitability due to write-down ​Development of product ramp-down and material management and inventory processes

Hazard Risks

 
Risk Impact Management
Fire, contamination, or other major disruption in the clean room operation Reduced revenue Emergency stock of sensor components, risk based management of production equipment and spare parts, safety of facilities
  Loss of customers Business continuity planning
Field service health and safety risks related to working conditions Harm to health or safety of personnel Continuous development of occupational health and safety system, emergency procedures
    Traveler tracking system
Failure of infrastructure supporting information service businesses Reduced availability of information services Geographic system redundancy across four server sites
Natural disaster, epidemic,  Impaired business environment leading to cancellation of orders, or delays in deliveries and revenue Geographic business diversity
civil unrest, terrorism Monitoring of the business environment
    Risk assessment of business opportunities
Financial risks  
Risk Impact Management
Credit risk Credit loss Secured terms of payment, business credit checks, diversification of customer pool
Liquidity and refinancing risk Unavailability of credit facilities Sustainable capital structure
Financial credit and interest  Financial credit loss, lower finance income High credit rating of financial counter parties, low risk cash investment
​rate risk    
Currency risk Lower net profit due to foreign exchange rate movements Currency hedging

Controls

Main Featur​es of the Internal Control and Risk Management Systems Pertaining to the Financial Reporting Process

The internal control seeks to ensure the Company's compliance with applicable laws, regulations and with Vaisala's code of conduct as well as the reliability of financial and operational reporting. Furthermore, the internal control seeks to safeguard the Company's assets and to ensure overall effectiveness and efficiency of operations to meet Vaisala's strategic, operational and financial targets. Internal control practices are aligned with Vaisala's risk management process. The goal of the risk management is to support Vaisala's strategy and the achievement of targets by anticipating and managing potential business threats and opportunities.

Vaisala's operating model of internal control and risk management related to financial reporting aims to provide sufficient assurance regarding the reliability of financial reporting and that the financial statements have been prepared in accordance with the applicable laws and regulations, generally accepted accounting principles (IFRS) and other requirements for listed companies. The principal components of internal control are control environment, risk assessment, control activities, communications and monitoring.​

Contr​ol Environment

The Board of Directors has the overall responsibility for the internal control of financial reporting. The Board of Directors has established a written formal working order that clarifies its responsibilities and regulates the internal distribution of work of the Board of Directors and its committees. The Board of Directors has appointed the Audit Committee whose primary task is to ensure that established principles for financial reporting, risk management and internal control are followed to and that appropriate relations are maintained with the Company's auditors. The President and CEO has the responsibility for maintaining an effective control environment and the ongoing work on internal control as regards the financial reporting. The Internal Audit reports all relevant issues to the Audit Committee and the President and CEO.

The Internal Audit focuses on developing and enhancing control over the financial reporting by proactively concentrating on the internal control environment and by monitoring the effectiveness of the control. The most important internal steering instruments for Vaisala's financial reporting comprise the Code of Conduct, treasury policy, credit policy, accounting policies and reporting instructions.​

Risk Assessment

Vaisala's risk assessment as regards financial reporting aims to identify and evaluate the most significant threats at the levels of Group and reporting segments as well as at the level of functions and processes. The risk assessment results in control targets through which Vaisala seeks to ensure that the fundamental requirements placed on financial reporting are fulfilled. Information on the development of essential risk areas as well as the plans and measures to mitigate the risks are communicated regularly to the Audit Committee.​

Control Activities

Vaisala's management has operational responsibility for internal controls. Internal control related to the financial activities as well as to control of the business and the management has been integrated into Vaisala's business processes. Vaisala has defined and documented significant internal control activities related to its financial statement reporting process as part of business processes. Internal control activities include approvals, authorizations, verifications, reconciliations, reviews of operating performance and segregation of duties.

All business units have their own defined controller functions whose representatives participate in planning and evaluating unit performance. They ensure that monthly and quarterly financial reporting follows the company's policies and instructions and that all financial reporting is delivered on time. Management follow-up is carried out through monthly management reporting routines. ​

Communications

Vaisala seeks to ensure that the Company's internal and external communication is open, transparent, accurate and timely. Code of Conduct, treasury policy, credit policy, accounting policies, and reporting instructions as well as disclosure policy are available on Vaisala's intranet. The disclosure policy defines how and when information should be given and by whom it is given. It also defines the accuracy and comprehensiveness of the information in order to fulfill the communication obligations. Vaisala's CFO reports the results of the internal control work and efficiency of the control activities as a standing item on the agenda of the Audit Committee.​

Mo​​nitoring

The effectiveness of internal control related to financial reporting is monitored by the Board of Directors, the Audit Committee, the President and CEO, Management Group and internal audit. The monitoring includes the follow up of monthly financial reports, review of the rolling estimates and plans, as well as reports from Internal Audit and auditors. The Internal Audit assesses the effectiveness of Vaisala's operations and the adequacy of risk management and reports the risks and weaknesses related to the internal control processes. Internal Audit compiles an annual audit plan, the status and findings of which it regularly reports to Audit Committee and Vaisala's management. Furthermore, the CFO, General Counsel, Internal Audit and Auditor coordinate the audit planning and monitoring at least twice a year.