Risk management
Basic policy
The Group’s basic policy for risk management is as follows:
- When setting strategies and business performance targets and engaging in efforts to achieve them, we seek integration of strategies and risk management by considering risk profiles, risk appetite, risk capacity and risk tolerance.
- By recognizing risks clearly at an earlier stage and promptly providing as many choices as possible for risk management, we reduce the possibility of unachieved business targets, losses, accidents, and failures.
- By monitoring risks on a regular basis, we address any deviation from intended performance swiftly and with consistency.
- With a grasp of our comprehensive and consistent risk portfolio, we seek optimum allocation of the Group’s resources.
Risk management system
We have formulated the Risk Management Rules that specify the basic points involved in risk management and have established risk categories in addition to the Risk Management Division that handles them. We have also established the Business Risk Management Committee as the Group-wide risk manager. Thus, we have the systems in place to identify and evaluate risks on a Group-wide level and are formulating business continuity plans (BCPs) that can keep business functioning.
Additionally, we have established a crisis management system to minimize loss when risks that are larger than anticipated materialize. This includes the task of establishing crisis management committees whenever a crisis arises that could severely impact our business.
Risk management system
| Internal Control Committee | Based on our Basic Guidelines for Establishing Internal Control Systems, we are establishing organizational systems to ensure observance of laws and regulations, operational effectiveness and efficiency, and the reliability of our financial reports while comprehending and evaluating the overall operational status of the applicable internal control systems. |
|---|---|
| Business Risk Management Committee |
This committee verifies whether the first-line risk manager is formulating strategies and business objectives and evaluating their practical application and performance aligned with our Group’s mission, vision, and core values. Concurrently, it manages the Group-wide impact of the risk resulting from having chosen those strategies and business objectives. |
| Business Risk Manager (1st-tier risk manager) |
This manager formulates strategies in accordance with our Group’s mission, vision, and core values. The manager also formulates action plans as specific measures tailored to each organizational environment in accordance with the policies indicated by each support division, and manages the progress of measures implemented. |
| Support Division (2nd-tier risk manager) |
This manager provides the guidelines for addressing risk in the Group for the applicable risk category, and monitors the appropriateness, effectiveness, and status of corrective actions. |
| Internal Audit Division (3rd-tier risk manager) |
From an independent standpoint, this manager evaluates the appropriateness and effectiveness of the first and second tier managers’ performance, implementation processes, and the risk management and compliance structures they have established. It provides information when needed while also requesting improvements. |
Assessment, management, and monitoring process
For risk assessments in the Group, we not only assess risks regarding our business activities and business plans, but we also regularly identify, assess, and revise our risks linked to our materiality (key issues for corporate groups to prioritize). We create risk heat maps, graphically indicating priority risks along two dimensions: level of impact and likelihood of occurrence.
The Support Division corresponding to each risk handles the related risk management and monitoring. Circumstances assessed as serious risks are reported to the Business Risk Management Committee. Concrete actions are taken to mitigate the risks and make improvements based on the Group’s organizational structure for risk management.
Risk heat map
