Risk Management
Basic approach and policy
Our Group has developed internal rules on the risk management system based on the risk management rules, which stipulate that the analysis, management, and consideration of measures for risks must be performed, mainly for relevant divisions. The rules also stipulate that the Risk Management Committee, which is a cross-sectional organization of relevant divisions and the whole Group, must be established to analyze, manage, and consider measures for risks that require a response from the Group. In addition, we have established business continuity rules and their subordinate rules (which are guidelines for continuing the Company’s business in the event of a contingency or crisis) and shared them with all directors and employees of the Company.
System
Risk Management Committee
We have developed internal rules and are analyzing, managing, and considering measures for risks, mainly for relevant divisions. In addition, the relevant divisions and the Risk Management Committee analyze, manage, and consider measures for risks that require a response from the Group based on the risk management rules. The Risk Management Committee is a permanent, Group-wide organization chaired by the Representative Director and Chairman (CEO), and consists of directors as its members.
Risk Management Committee members
| Committee Chair | Takao Umino (Representative Director, Chairman & CEO) |
|---|---|
| Vice Committee Chair | Kenji Hasegawa (Representative Director, President & COO) |
| Member |
Yoshiaki Chino (Representative Director and Deputy President)
Minoru Nakamura (Director and Senior Executive Vice President) Tetsuya Nakamura (Director and Senior Executive Vice President) Masayasu Amaike (Director and Executive Vice President) and 11 other members |
| Observer | Takehiro Matsumoto (Full-Time Auditor) |
| Secretariat | Corporate Planning Division |
(as of January 17, 2025)
Risk Management Committee structure chart
Risk identification process
The Group identifies risks by conducting annual Group-wide risk assessments in accordance with the risk management rules. The risk assessment analysis results are reported to the Risk Management Committee and the Board of Directors. The Risk Management Committee selects the priority risks to be monitored according to the analysis results and regularly checks them for progress.
Initiatives of the Risk Management Committee
The Risk Management Committee discusses risk management plans, including risk analysis and management, evaluation reports on response to high-priority risks, annual risk management plans, and the planning and implementation of countermeasures. In FY2024, the Risk Management Committee was convened once.
Going forward, we will continue our efforts to reduce risks while monitoring mainly priority risks in accordance with the risk management plan formulated by the Risk Management Committee. We will regularly identify potential risks and work to avoid and reduce risks and prevent a crisis from occurring. Specifically, we will conduct annual risk assessments covering the Group companies once a year to identify company-wide risks. The Risk Management Committee will report the risk assessment analysis results and select priority risks. For identified priority risks, the Committee will report the progress (follow-up) to the Board of Directors twice a year to check on the progress of the necessary responses.
Main risks
The following stipulates the main risk items identified by the Group and the description of risks.
(As of December 20, 2024)
For details on the risks, refer to the Securities
Report.
FY2024 Securities Report: Business and other risks
Information security
The Group ensures the appropriate use and management of its information assets by developing information security rules, including the Basic Policy on Information Security and Countermeasure Standards, and by developing an information security organizational structure. By combining multiple systems, security tools, and monitoring services, the Company has created an environment that enables early detection, defense, and response. In addition to focusing on warning all directors and employees regarding information security through regular education, notifications, etc., on information security, we regularly conduct training to handle and respond to incidents.
In FY2024, the Information Systems Division issued a reminder regarding information leaks for new employee training. Employees are alerted about the risk of leaking confidential information through the use of generative AI, and directors and all employees are provided with information security training.
Information security organization chart
*The Information System Chief Supervisor shall be the officer in charge or responsible officer who controls the Information Systems Division. The Information System Chief Supervisor shall be responsible for supervising and managing company-wide information security. However, an Information Security Chief Supervisor may be appointed separately.
*The Information Security Committee Chair shall be the officer in charge.
*Under the Company’s system, any important matters regarding information security are to be submitted and reported to the Strategy Committee and, as necessary, the Board of Directors.
Internal audit system
The Internal Audit Division conducts internal audits of the Company’s operations based on the internal audit plan.
Management of intellectual property rights
The importance of intellectual property rights is increasing year by year due to the growing awareness of them in society and various measures taken by the government. The Group has established the Legal Division as a division responsible for controlling intellectual property rights. The Legal Division acquires achievements obtained through research and development, etc., as intellectual property rights and utilizes them to provide the Group’s high-quality and high-value-added products.
In addition, as part of our efforts to prevent the risk of third-party patent infringement, we conduct prior art searches in the early stages of development and hold monthly patent review meetings at our R&D center based on the patent information we have collected. As part of our efforts to prevent trademark and copyright infringement, we review documents to be sent externally before they are released. We also conduct intellectual property rights comprehension tests for employees in relevant divisions.
Business Continuity Planning (BCP)
In order to continue business operations in the event of a contingency or crisis, we have established business continuity rules and business continuity guidelines. We share the content among all directors and employees and conduct firefighting training and safety confirmation training based on a large-scale disaster scenario.
