To respond appropriately to various risks surrounding the Group and to operate its business stably by minimizing damages, the Group strives to improve risk sensitivity and risk control capabilities. As one aspect of efforts to enhance its governance system, in FY2019, the Group reviewed its risk management mechanisms and built a more highly effective and reliable risk management system, and is conducting risk reduction activities at all Group business locations both in Japan and overseas.
The Group conducts risk management activities aimed at controlling factors that could exert a negative impact on our business performance and providing steady support for sound business operations throughout the Mitsubishi Materials Group. To assure achievement of these goals, we are conducting activities under the following three basic policies:
While critical risks inherent to each field of business are identified by individual business divisions, the Group identifies and evaluates serious, high priority risks at a management level which share a high degree of commonality across the Group and which are expected to have a severe impact on the Group’s business management.
The critical risks to be prioritized by the entire Group and the contents and response approaches of critical risks to be tackled by each business division are discussed at length by the Company’s Sustainable Management Office, Executive Officers’ Meeting and the Board of Directors, and defined on an annual basis. Each business site formulates activity implementation plans in accordance with this. These plans then undergo review by the Governance Deliberative Council before being put into action.
A structure is in place by which the content of these activities is shared with members of management and relevant departments, and progress is monitored on a regular basis by the Sustainable Management Office, the Strategic Management Committee and the Board of Directors.
Additionally, information on risks identified as part of risk management activities is provided for use in internal audits, and a system is in place to have risks that have been pointed out in audits, etc. added as necessary to the risk management scope. Strict PDCA management is applied to this entire system. With regard to training, we are striving to boost our sensitivity to risk and enhance and raise the bar concerning our risk control capabilities by implementing training sessions, both in Japan and abroad, that feature both internal and external consultants.
Critical risks are classified into four categories according to the attributes of each, with roles and responsibilities set for each level (management level, relevant departments, companies and other business divisions, and business sites). In an effort to ensure that all critical risks are addressed without fail, we have established a system that enables business sites to receive sufficient support if it proves difficult for them to address risks on their own, upon consultation with the parent company, overseeing business division, and relevant specialist departments
The table below shows the main risks the management of the Group has recognized, based on this system, as having the potential to significantly impact the Group’s business results and financial situation. The contents of these risks are indicated in the “Business and other risks” section of the Consolidated Financial Results.
| Name of risk | Probability of occurrence | Level of impact |
|---|---|---|
| International situation, overseas economic situation | High | Large |
| Market trends | Medium | Large |
| Fluctuations in raw material and utility prices | High | Large |
| Procurement | Medium | Large |
| Climate change | High | Large |
| Natural disasters and abnormal weather | Medium | Medium |
| Occurrence of violations of pollution and environmental laws and regulations | Medium | Medium |
| Infection (COVID-19) | High | Medium |
| Information security | High | Medium |
| Financial risks | Medium | Large |
| Human rights risks | Medium | Medium |
We are striving to strengthen our crisis management systems to facilitate prompt, accurate responsiveness to emergency situations, including natural disasters, accidents, terrorist attacks and pandemic events. Besides operating crisis management related rules that apply to the entire Group, we formulate business continuity plans at all our consolidated subsidiaries in Japan and overseas, with the aim of minimizing the impact on customers of any crisis that might occur through swift restoration and continuation of operations.
We also receive the latest global information on crisis management and expert advice from an external consulting company, and have established a system that enables employees dispatched overseas and stationed regionally to receive advice on action to take in the event of an emergency, as well as direct safety assurance services and medical services. Other efforts include the deployment of a safety guidebook that considers the risks faced by each country and region, and the implementation of security checks in countries and regions deemed particularly high risk.
In addition, from fiscal 2021, our Crisis Management Activities include serious operational risks such as quality scandals, business legal violations, information leaks, cyber attacks, and breaches of trust, in addition to natural disasters, accidents, acts of terrorism, and pandemics, etc., which were already covered by the activities. To ensure that the system can respond to a wide range of crisis situations, it defines how to respond to each type of crisis situation, clarifies roles and responsibilities, and provides a framework that organizes the items to handle on a timeline.
The Group implemented a crisis management system both in Japan and abroad in order to help quickly assess the safety of employees and the scope of damage at business sites in the event of a disaster or other crisis, and to share this throughout the Group.
This has made it possible to initiate prompt and adequate initial response, and has also allowed us to leverage the Group’s network to provide support, etc. from sites near disaster-afflicted areas.
The Group defines information security as one of the issues in management, and aims to conduct safe business by ensuring information management, including the handling of personal information.
The Group defines information security as one of the issues in management, recognizes the personal information of customers and business partners to be the most important information asset, and strives to reduce the risk of information leakage, loss, and destruction.
In order to ensure compliance with the Group information security management policy, we have defined Group Information Security Management Regulations, Information Security Measure Standards, Confidential Information Management Regulations, and various implementation procedures that must be complied with
Basic rules regarding the construction and operation of a management system for Group information security, for the goal of protecting the information assets owned or managed by the Group from theft, leakage, modification, or destruction, and minimizing corporate loss
Standards defining information security countermeasures for electromagnetic information assets that the Group must follow
Basic rules regarding the handling of personal information and basic indicators on management methods for maintaining the confidentiality of information assets in general
In addition, “Information Security Panels” are set up to establish, adopt, operate, monitor, review, maintain and improve our information security policy, and information security managers are assigned to the Group and group companies to operate and monitor them.
Our information security activities involve enhancing and expanding our information infrastructure with an eye towards business continuity in the event of a large-scale disaster, strengthening our technical measures for information systems, and introducing and operating management systems.
Technical efforts include enhancing our protective measures for preventing damage from attacks that leverage known vulnerabilities, as well as our risk reduction measures, which include enhancing defense in depth and the early detection of damage from new threats such as targeted attacks. In order to counter the rising threat of ransomware, we have introduced a system for forcibly applying updates and patches for vulnerabilities of the Group and all Group companies, including overseas companies.
On the management end, we strive to maintain and improve our level of security by implementing the PDCA cycle of performance evaluations and employee education on a continual basis.
As a measure of fiscal 2023, we will promote stable operation of the Security Operation Center (SOC) and expand the area we monitor. In addition, we aim to establish the activities of the Computer Security Incident Response Team (CSIRT) and raise security awareness through information security education and training.
Furthermore, we will not only comply with personal information protection laws of relevant countries, but also plan to implement new security measures in the OT field, where digitalization and transition to smart factory are progressing.
As security threats continue to worsen, we will continue to comprehensively, efficiently, and appropriately investigate and implement a variety of technical countermeasures.
The Group implements various measures under a common group policy to prevent important business from stopping, which prioritizes the prevention of employee infections and the prevention of the spreading of infections at business sites and in the local community.
The Group established a task force at the head office to direct a unified COVID-19 response across the Group. The task force formulates preventative measure guidelines and group action policies according to the status of the pandemic around the world and deploys them to all business sites, centralizes information on the health of employees, the situation and policies/regulations of various countries and regions, impact on business sites, and impact on the supply chain, etc., shares that information with top management, and conducts monitoring to ensure that the Group can handle changes to the situation swiftly and appropriately.
The Group implements various measures for ensuring the health of all employees and maintaining workplace safety in Japan and overseas, as well as preventing the spread of infection in the various regions where we conduct business.
In order to continue producing and supplying products that support society and important businesses such as the recycling business, thereby meeting the demands of our customers and society, the Group is implementing various measures as appropriate given the current status of the pandemic and requests from national and regional governments, based on business continuity plans for each of our business sites.
In order to respond to major changes in the business environment and business structure and the severe impact to the real economy that is expected to have long-term consequences, the Group is implementing various measures for increased competitiveness, such as further enhancing cooperation with markets and customers, migrating to new work styles such as teleworking, improving management speed via digital transformation, and rebuilding business models.