Through its global activities in the ICT industry, the Fujitsu Group continuously seeks to increase its corporate value, and to contribute to its customers, local communities and indeed all stakeholders. Properly assessing and dealing with the risks that threaten the achievement of our objectives, taking steps to prevent the occurrence of these risk events, and establishing measures to minimize the impact of such events if they do occur and to prevent their reoccurrence are assigned a high priority by management. Moreover, we have built a risk management and compliance system for the entire Group and are committed to its continuous implementation and improvement.
The Group identifies, analyzes and evaluates the risks that accompany business activities and works on measures to avoid or reduce them, and to deal with them quickly in the unlikely event that they materialize.
Examples of Business Risks *1
These are just some of the risks of doing business. More detailed risk-related information can be found in our earnings report, securities reports and other published reports.
In July 2012, the Fujitsu Group merged the former Risk Management Committee and Compliance Committee to form a new Risk Management & Compliance Committee with the aim of integrating and strengthening its global risk management and compliance structures.
The Risk Management & Compliance Committee appoints a Chief Risk Compliance Officer for each department and company throughout the Group, and encourages cooperation among them to both guard against potential risks and mitigate risks that materialize, forming a risk management and compliance structure for the entire Group.
The Risk Management & Compliance Committee is responsible for grasping the status of risk management and compliance in all Fujitsu business groups and Group companies in Japan and overseas, establishing the appropriate policies and processes, etc., and both implementing and continuously improving them. In practical terms, it decides on risk management regulations and guidelines, applies them and regularly reviews and improves them.
The Risk Management & Compliance Committee, which maintains regular communications with Chief Risk Compliance Officers, identifies, analyzes and evaluates the risks of business activities, confirms the detailed measures intended to deal with major risks by averting, minimizing, transferring or retaining them. It also reports important risks to the Management Council.
The Risk Management Committee also prepares responses against the actual materialization of a risk despite the implementation of various preventive measures. If a critical risk such as a natural disaster, product breakdown or defect, a problem with a system or service, a compliance violation, an information security breach, or an environmental problem materializes, the department or Group company reports immediately to the Risk Management & Compliance Committee. The Risk Management & Compliance Committee coordinates with the related divisions and workplaces for rapid resolution of the problem by appropriate measures such as establishing a task force. At the same time, the Risk Management Committee strives to identify the causes of the problem and propose and implement solutions. Additionally, for critical risks, the committee also reports as appropriate to the Management Council and the Board of Directors.
The Risk Management & Compliance Committee continuously confirms the implementation status of these processes and works to make improvements.
To build a robust disaster-preparedness network and enhance our business continuity response capabilities, the Fujitsu Group has created a Group-wide disaster-preparedness organization, assuming a major disaster. In Japan, we have been carrying out annual nation-wide disaster-response drills in conjunction with Disaster Preparedness Day on September 1st.
FY 2012 marks the 18th year of systematically conducting training for an earthquake occurring under Tokyo or in the Tonankai region. This year we completed training at 87 companies (236 sites), including Fujitsu Headquarters. At Fujitsu, we collaborated with the Miyazaki Prefectural government, a Fujitsu client, to conduct disaster response training that included the restoration of network systems. We also conducted training focused on business continuity in the event of a disaster at Shimane Fujitsu Limited, a major Fujitsu notebook PC manufacturer. Sites around Japan also carried out initial response training centered on confirming employee safety and checking for damage to work-related buildings immediately after a disaster.
Disaster-preparedness self checks are autonomously conducted throughout the Group based on inspection criteria established at each site as an activity to minimize personal injury and property damage in the event of a disaster. Based on the results of these checks for FY 2012, which found that many sites see heightening awareness of DRP (disaster response plans) and disaster response procedure training as areas needing more attention, we will be sharing effective training methods as we continue to conduct disaster-preparedness self checks in FY 2013.
Teams made up of internal departments for environmental management, facility management, and risk management have been formed and visit facilities that are critical to Fujitsu business continuity, ensuring that laws are being upheld, while also conducting joint testing throughout the Fujitsu Group in order to prevent accidents that could arise from aging infrastructure or from fires and other natural disasters. The teams are also responsible for everything from verifying inspection results to providing guidance on establishing measures to make improvements to checking on the progress of such endeavors. Based on the results of joint testing conducted at 30 facilities from FY 2010 to 2012, we will be sharing good practices and cases of improvements made regarding disaster preparedness with all facilities in the Group.
The risks of unforeseen events that threaten economic and social continuity, such as natural disasters like earthquakes and large-scale flooding, disruptive incidents, accidents, and pandemics such as the new strain of influenza, have increased greatly in recent years.
To ensure that even when such risks occur, we can continue to provide a stable supply of the high-performance, high-quality products and services our customers need, the Fujitsu Group has established a Business Continuity Plan (BCP), and promotes Business Continuity Management (BCM) as a way of continuously reviewing and improving that BCP. Through the BCM process, the lessons learned in the course of the Great East Japan Earthquake and the flooding in Thailand are now reflected in our BCP.
FY 2012 saw us make continuous efforts towards establishing precautions to ensure a stable supply of products and services, strengthen our alternative production capabilities both overseas and in Japan by creating multi-fab facilities consisting of at least two mass production plants, increase the number of suppliers we purchase parts from, and add redundancy to internal systems.
We also provided support for our suppliers' BCM evaluations and their improvement, while also dedicating ourselves to making supply chain risks visible. As one example of this, we use the SCRKeeper *2 risk management system to clarify the scope of impact risks have on the supply chain. Our executives also continued to take part in training sessions.
Going forward, the Fujitsu Group will be systematically developing specialists in order to further promote, implement, and improve BCM. In FY 2012, BCM specialists from each department took part in training to better understand BCP for their own department and learn how to conduct actual BCM activities. Our plan now is to move forward with BCM throughout the entire supply chain, not just our logistics and production supply chains, with efforts that include providing support for BCM system creation for our suppliers, with our specialists playing a central role.
A supply chain risk management service developed by the Fujitsu Group, the distribution of which began in FY 2013. It enables the evaluation and analysis of business partners' business continuity capability and predicts and assesses potential damage to their location of business on an individual-disaster level.
We have taken steps against new strains of influenza based on a three-fold influenza policy- to safeguard lives, to stop the spread of infection, and to ensure business continuity. We created a "Pandemic influenza Preparedness Action Plan " that stipulates preventive measures in everyday operations and the response process to be used if an outbreak occurs. We work to disseminate these to all employees through e-Learning and by distributing pamphlets. Also, to contribute to the continuity of social infrastructure businesses and the continuity of our customers' businesses should a pandemic occur or a particularly virulent new strain of influenza arise, we have established, and carry out training based on, a "Business Continuity Action Plan for Measures Against Pandemic influenza."
In FY 2012 we also reviewed the "Pandemic influenza Preparedness Action Plan " for the Fujitsu Group based on the government's revisions to the "Pandemic Influenza Preparedness Action Plan" and promulgation of the "Special Measures Act to Counter New Types of Influenza" in May 2012.
We developed and operate a systematic educational curriculum that aims for extensive risk management across the entire Group.
Through this curriculum, we inform our employees of our basic approach to risk management and the rules to be followed, and cite concrete examples to strengthen our employees' awareness of risk management and their ability to deal with risks. We also hold education and training programs as appropriate on issues such as information security, environmental problems, and natural disasters.
Share this page