The Group conducts risk management activities aimed at controlling factors that could exert a negative impact on our business performance and providing steady support for sound business operations throughout the Mitsubishi Materials Group. To assure achievement of these goals, we are conducting activities under the following three basic policies:
While critical risks inherent to each field of business are identified by individual business divisions, the Group identifies serious, high priority risks at a management level which share a high degree of commonality and priority across the Group, and are thought to have a severe impact on the business management of the Group.
The matters and plan for addressing critical risks given priority across the whole Group, and critical risks tackled by each business division, are discussed at length by the Company’s Sustainable Management Office, Executive Officers’ Meeting and Board of Directors, and set on an annual basis. Each business site formulates activity implementation plans in accordance with this, which then undergo review by the Governance Deliberative Council, before being applied as part of measures to reduce risk.
A structure is in place by which the content of these activities is shared with members of management and corporate divisions, and the progress of which is monitored on a regular basis by the Sustainable Management Office, Executive Officers’ Meeting, the Board of Directors, internal audits and the Committee for Monitoring of Measures to Enhance Governance, which is comprised of External Directors. Additionally, information on risks identified as part of risk management activities is provided as materials for internal audits, and a system is in place to have risks indicated through audits, etc. added as needed as subjects for risk management, making for a strict PDCA management system on the whole.
With regard to training, we are striving to boost our sensitivity to risk and enhance and raise the bar concerning our risk control capabilities by implementing training sessions featuring both internal and external consultants that are held both in Japan and abroad.
As part of Group Governance Framework Enhancement Measures in fiscal 2019, we reviewed conventional risk management mechanisms in order to further improve risk management effectiveness, building a new, enhanced risk management system that is being rolled out across the Group both in Japan and abroad in fiscal 2020 onwards. From fiscal 2021, we are improving the convenience of functions for visualizing risk information and making improvements for smoother communication between the parent and subsidiaries.
Critical risks are classified into four categories according to the attributes of each, with roles and responsibilities set concerning the means of involvement at each level (management level, corporate division, company and other business division, business site).
In an effort to ensure that all critical risks are addressed without fail, a system has been established that allows for business sites to receive a sufficient support - following consultations with the parent company and overseeing business division, and corporate divisions specializing in the area of risk at hand - if the application of measures addressing risks proves particularly difficult for an individual business site alone.
Monitoring risk information is made easy by taking steps to visualize risk conditions and the progress status of risk reduction efforts. We are working to promptly and accurately determine where to prioritize deploying management resources to address risks, and the level to which risks can be reduced, etc., by mapping out the risks possessed by the business operations of the Group.
Further, monitoring the progress status of risk reduction efforts in an integrated manner has made it easier to identify delays, and facilitates prompt and appropriate response to risks.
From fiscal 2021, we have upgraded this tool to make it easier to use and have enabled information on critical risks to be shared throughout the entire Group. This will enable us to improve the level of management and make it easier to horizontally deploy good practices of risk countermeasures across the Group.
We are striving to strengthen our crisis management systems to facilitate prompt, accurate responsiveness to emergency situations, including natural disasters, accidents, terrorist attacks and pandemic events. Besides operating crisis management related rules that apply to the entire Group, we formulate business continuity plans at all our consolidated subsidiaries in Japan and overseas, with the aim of minimizing the impact on customers of any crisis that might occur through swift restoration and continuation of operations.
We also receive the latest global information on crisis management and expert advice from an external consulting company, and have established a system that enables employees dispatched overseas and stationed regionally to receive advice on action to take in the event of an emergency, as well as direct safety assurance services and medical services. Other efforts include the deployment of a safety guidebook that considers the risks faced by each country and region, and the implementation of security checks in countries and regions deemed particularly high risk.
From fiscal 2021, our Crisis Management Activities will now include serious operational risks such as quality scandals, business legal violations, information leaks, cyber attacks, and breaches of trust, in addition to natural disasters, accidents, acts of terrorism, and pandemics, etc., which were already covered by the activities. To ensure that the system can respond to a wide range of crisis situations, it defines how to respond to each type of crisis situation, clarifies roles and responsibilities, and provides a framework that organizes the items to handle on a timeline.
The Group implemented a crisis management system in January 2019 both in Japan and abroad in order to help quickly establish an understanding of the safety of employees and the scope of damages at business sites, and to share this across the Group, should a disaster or another state of emergency occur.
This has made it possible to initiate a prompt and adequate initial response, and has also allowed us to leverage the Group network to provide support, etc. from sites nearby disasterafflicted areas.
We regard information security as one of our top priorities in terms of CSR management, and consider personal information in particular to be one of our most important information assets. That is why we make every effort to minimize the risk of information being leaked, lost or damaged.
The focus of our information security activities is on improving information infrastructure, taking into account business continuity in the event of a large-scale disaster, and on reinforcing technical measures and implementing new management systems, with support from the Information Security Panel, a subdivision of our Sustainable Management Office.
In terms of technical measures, we are working to improve protective measures to avoid damage as a result of attacks targeting known vulnerabilities, while also implementing risk mitigation measures against new threats such as targeted attacks, by expanding multi-layer protection and detecting damage early on.
Infections from computer viruses such as ransomware have seen an uptick in recent years. To deal with this threat, we have promoted increased vigilance at Mitsubishi Materials and all group companies, and introduced a system to forcibly apply software patches and updates to address vulnerabilities, even at overseas group companies.
On the management side, we are making every effort to maintain and enhance security levels through repeated implementation of the PDCA cycle in areas such as performance evaluations and employee education.
Moving forward, we will continue to examine and implement a range of technical measures against rapidly advancing security threats at the appropriate level and in a comprehensive and efficient fashion.