Business ethics

In the global business context, the importance of business ethics is continuously growing. To answer customers’ sharpened requirements, Tieto is putting emphasis on implementing its responsible business practices throughout the value chain. Our Code of Conduct training is mandatory for all employees on an annual basis.

Tieto as a company, including the Board of Directors and top management, has zero tolerance to unethical business behaviour, and sees implementation of ethical values and work practices as a vital part of the company’s corporate responsibility. In addition to adhering to local legislation in operating countries, such as the UK Bribery Act and US Foreign Corrupt Practices Act, Tieto’s ethical values are outlined in the company-wide Code of Conduct Policy and related Rules, which apply to all stakeholders.

The focus on business ethics among Tieto’s customers has increased during the past years, especially related to corruption, gifts and hospitality. During 2016, Tieto put increased efforts into highlighting the differences between customers' ethical business practices and Tieto’s own among its sales and delivery teams.

Internal communication on the Code of Conduct Policy and Anti-corruption Rule was also strengthened during the year. Among the topics highlighted were fraud and conflicts of interest. Code of Conduct and Anti-corruption training effectiveness was improved through better reporting and follow-up of e-learning statistics, making it easier for managers to track e-learning completion rates among employees.

Tieto also initiated an on-boarding programme with the purpose of ensuring sufficient controls with customers, suppliers or any other third party to achieve necessary screening and due diligence. Our aim is to digitalize this process.

A compliance management system was established to better track recurring tasks and development items. These tasks include annual reviews of policies and rules, compliance risk analyses, knowledge sharing and escalations being handled.

Policies and rules governing business ethics

Tieto’s Code of Conduct Policy defines the company’s human rights and workplace practices regarding non-discrimination, equal opportunities and a safe working environment, among many other things. It also specifies the business practices regarding, for instance, conflicts of interest, gifts and bribes, and the safeguarding of corporate assets. In addition, the policy states that Tieto does not take political stances, nor give financial or in-kind contributions to political parties or institutions.

To highlight specific sections of the Code of Conduct Policy, Tieto has separate rules providing more detailed guidance. One example is the Supplier Code of Conduct Rule, which is implemented in all new supplier contracts with regular suppliers.

Another example is the Anti-Corruption Rule. Tieto recognizes that corruption is still a major ethical problem in society globally, and needs to be addressed by all enterprises and organizations. The Anti-corruption Rule provides practical guidelines on how to avoid unethical behaviour, and advises employees on how to evaluate different types of situations one may encounter at work. The rule is tailored for Tieto’s type of business, and applies to all employees in all countries of operation.

Tieto’s Competition Law Compliance Rule provides guidance for employees to assess what kind of behaviour is considered appropriate when interacting with other companies on the market, and to recognize when to seek the advice of our Legal function.

In a rapidly changing and competitive business environment, conflicts of interest is an area which needs to be carefully addressed by all companies and organizations. At Tieto, this issue is addressed in the Code of Conduct Policy as well as the Operative Decision Making and Authority Policy, which describes the overall operative decision-making rules and authorities in the company. Tieto also applies segregation of duties, where one person cannot approve activities in which this person is involved.

Tieto’s Operative Decision Making and Authority Policy also clarifies the distribution of assets such as philanthropic donations. At Tieto, these are authorized by the Board of Directors.

Implementing ethical business practices in daily business operations

In addition to accepting the Code of Conduct when joining the company, Tieto’s employees are expected to refresh their knowledge on the content of the Code of Conduct on a yearly basis by taking the Code of Conduct and Anti-corruption e-learning course. This e-learning uses practical examples tailored for Tieto. Real-life cases help to recognize situations where employees must assess and make decisions based on the Code of Conduct.

86% of employees trained in the Code of Conduct Policy and Anti-corruption Rule in 2016.

The increased focus on Code of Conduct Policy training generated good results in 2016. Tieto aims at 100% e-learning coverage on a yearly basis. By the end of 2016, 86% (73%) of employees had been trained in the Code of Conduct Policy and Anti-corruption Rule.

Monitoring and follow-up of unethical behaviour

Tieto’s approach to unethical behaviour is embedded in our proactive awareness campaigns, continuous monitoring, and follow-up processes. Tieto's risk management approach comprises a risk map for higher-level management, including the Board of Directors. The risk categories are compliance, financial, operational, project and strategic. To identify and validate risks of unethical behaviour, Tieto conducts internal as well as external audits when required.

Internal audits are conducted by the Internal Audit function according to the annual plan based on risks found. The aim is to ensure the company complies with the laws, regulations, and customer agreements in focus, as well as policies and guidelines, in all operations. The Internal Audit Policy outlines the internal audit’s objectives, intentions, directions, responsibilities, and possible consequences in terms of risk control, auditing, expediency, and ethics. The policy covers governance, risk management, and business processes, and applies to all employees.

No Code of Conduct breaches in 2016.

Some internal investigations are also initiated by whistle-blowing. Tieto’s whistle-blowing process allows anonymous and confidential reporting on violations of the Code of Conduct, related rules, or any unethical behaviour to the General Counsel of the company. The process is designed to ensure that persons reporting violations will not be subject to any retaliation. Failure to act in compliance with the Code of Conduct can result in appropriate disciplinary actions.

External financial audits are conducted by an external party and vary between full scope and statutory, depending on the size of business operations and specific needs. Audits include, among other things, testing of transactions as well as assessment of possible risks of corruption. The scope of the testing may cover risk based audit assignments to evaluate the efficiency of the risk controls in place. No findings of misconduct were discovered in the financial audits in 2016.

As part of Tieto’s zero tolerance to unethical behaviour, the company has a target of zero breaches of the Code of Conduct Policy. For 2016, no breaches of the Code of Conduct Policy took place.

Internal whistle-blowing escalations in 2016 generated five internal audits in four different countries in five sites, altogether covering approximately 26% of employees. These audits included analysis of risks of corruption and bribery, diversion, conflict of interest, related party action, disbursement, and suspected false invoicing and skimming. However, the results of these audits concluded there were no confirmed incidents of corruption. The cases did not cause any harm or loss for Tieto as an internal control system was in place. The result from the audits show that a full implementation of Tieto Procurement processes is important in order to reduce the risk for conflict of interest and fraud.

No confirmed discrimination cases were found in 2016.

Going forward, Tieto will evaluate the learnings made during the year from reviews of customers’ supplier codes of conduct and liability rules. We also plan to further communicate about these among customer and delivery teams. In addition, the aim is to review and update Tieto’s Code of Conduct Policy together with its related rules and e-learning. Furthermore, a gap analysis related to the ISO 37001 anti-bribery management system will be conducted in order to set plans for further actions.