At Tieto, risk management is integrated into the business processes. Managers are responsible for conducting and implementing risk management procedures in their business transactions. Raising awareness of the importance of risk management and improving common processes and tools are prioritized in key processes such as sales and deliveries.

Targets for risk management

Risk management aims to support the execution of the company’s strategy and the achievement of business goals, ensuring the continuity of successful business operations.

The main tasks of risk management are to identify the most significant risks for Tieto’s business, assess the likelihood and impact of these risks, prepare action plans to mitigate the risks and report about key findings and risk management activities to the management, the Audit and Risk Committee and the Board of Directors.

Business contingency planning and corporate security

Tieto has a unified incident management process. Security risks are divided into two main categories: those based on ICT (Information and Communications Technology) and those based on physical or personnel security. Corporate-level security policies, rules and guidelines cover both main categories. Business unit compliance with corporate-level security documentation is verified through unit self-assessments and audits. Audit procedures cover both ICT infrastructure and physical site security.