Basic Policy on Risk Management
To stabilize business activities and enhance corporate value,SCSK carries out ongoing risk management with the purpose of consistent performance and growth, reinforcing our corporate structure and maintaining trust, having envisioned various scenarios during the course of our business activities.
|Increase the consistency of performance and ensure sustainable growth by administering operations so that actual results do not vary from forecasts.|
|Limit losses from latent risks posed by the business model to enable business continuity even when risks emerge.|
|Maintain and increase trust by fulfilling corporate social responsibilities including legal compliance.|
Definitions of Risk
At SCSK, we define risk as “the possibility for incurring losses or the possibility of returns from business activities deviating from expectations.” To manage risk exhaustively and efficiently, we categorize risk into the four types: hazard risk, strategic risk, financial risk and operational risk.
|Hazard risk||Natural disasters, pandemics, accidents, crime cyberterrorism, etc.|
|Strategic risk||Business investment, technological innovation, talent strategy, country risk, etc.|
|Financial risk||Foreign exchange rates, interest rates, asset valuations, etc.|
|Operational risk||Organizational management, management of subsidiaries, commercial transactions, asset and investment management, information security, labor affairs, litigation, environment, system development, etc.|
Risk Management System
SCSK has established the Risk Management Regulations and the Risk Management Department as a dedicated department in charge of risk management, so that we can efficiently manage risks that could have a serious adverse effect on the SCSK Group’s business.
Based on these regulations, each corporate department is responsible for relevant risks based on their individual operations. All persons heading up an organization including business departments are in charge of risk management for their respective organizations.
The Risk Management Department centrally identifies and evaluates the status of risk management from a companywide perspective and regularly reports its findings to the President and Chief Operating Officer. Additionally, risks determined to require more focused ountermeasures are defined as important risk management items, with countermeasures and implementation progress reported to the Management Committee and Board of Directors.
Risk Management Process
Under the risk management system described above, we continually implement a series of processes that include (1) Identify and evaluate risk; (2) Review risk countermeasures; (3) Implement risk countermeasures; (4) Monitoring; and (5) Review of each risk countermeasure. The goal of these processes is two-fold: consistent performance and growth, reinforce our corporate structure, and maintain trust, as well as adapt to changes in business climate.
To identify and evaluate risks, every year, we regularly take inventory of risks for the entire organization, including Group companies inside and outside Japan. At the same time, the Risk Management Department gathers risk information from inside and outside the company and shares it with the President and Chief Operating Officer and relevant organizations.
The examination, implementation, monitoring and review of risk countermeasures are carried out every year for the entire company mainly by the Corporate Group responsible for each risk. In addition, the status of each process is also reported to the Management Committee and Board of Directors.
Emergency Response and Business Continuity Plans
To prepare for the occurrence of large-scale disasters, pandemics and other unforeseen circumstances that may have a grave impact on SCSK and the SCSK Group, the Company has established rules of conduct and organizational frameworks to respond to emergencies. The Company, led by the Disaster Risk Management Subcommittee, is taking a number of advanced measures, such as stockpiling food, water and other supplies; conducting drills for adopting an employee safety confirmation system and setting up disaster headquarters; establishing a system to address emergencies that take place at night or on holidays; and sharing information and raising awareness among employees through the disaster response portal, e-learning and disaster preparedness seminars. Furthermore, the Company re-examines its current business continuity plan (BCP) each year for further improvement.
SCSK is also working to reinforce its disaster response measures based on an assessment of the effectiveness of these measures conducted by a risk management consulting company. Taking into account the promotion of telecommuting that forms part of our working style reforms, we are working on measures to reinforce disaster preparedness at home, including distributing the Disaster Preparedness Handbook to all employees. Through these activities, we are working collectively as a Group to ensure our BCP is highly effective.