Through its global activities in the ICT industry, the Fujitsu Group continuously seeks to increase its corporate value, and to contribute to its customers, local communities and indeed all stakeholders. Properly assessing and dealing with the risks that threaten the achievement of our objectives, taking steps to prevent the occurrence of these risk events, and establishing measures to minimize the impact of such events if they do occur and to prevent their reoccurrence are assigned a high priority by management. Moreover, we have built a risk management and compliance system for the entire Group and are committed to its continuous implementation and improvement.
The Group identifies, analyzes and evaluates the risks that accompany business activities and works on measures to avoid or reduce them, and to deal with them quickly in the unlikely event that they materialize.
Major Business Risks*1
These are just some of the business risks. More detailed risk-related information can be found in our earnings report, securities reports and other published reports.
In order to prevent potential risks of loss in business execution from materialization, to respond aptly to materialized risks, and to prevent their recurrence, the Fujitsu Group has established a Risk Management and Compliance Committee under the Board of Directors. This committee acts as the highest-level decision-making body on matters involving risk management and compliance.
The Risk Management and Compliance Committee assigns Chief Risk and Compliance Officers to each of the Fujitsu Group’s divisions and Group companies in Japan and overseas. Also, we established Regional Risk Management and Compliance Committees in April 2016. These organizations work collaboratively with each other, building a risk management and compliance structure for the entire Fujitsu Group that encourages them to both guard against potential risks and mitigate risks that have already materialized.
The Risk Management & Compliance Committee is responsible for grasping the status of risk management and compliance in all Fujitsu business groups and Group companies in Japan and overseas, establishing the appropriate policies and processes, etc., and both implementing and continuously improving them. In practical terms, it decides on risk management regulations and guidelines, applies them and continuously reviews and improves them.
The Risk Management & Compliance Committee, which maintains regular communications with Chief Risk Compliance Officers, identifies, analyzes and evaluates the risks of business activities, and sets out and reviews the responsive measures, upon confirming the detailed measures intended to deal with major risks by averting, minimizing, transferring or retaining them. It also reports identified, analyzed, and evaluated important risks regularly to the Board of Directors.
The Risk Management Committee also prepares responses against the materialized risks despite the implementation of various preventive measures. If a critical risk such as a natural disaster, product breakdown or defect, a problem with a system or service, a compliance violation, an information security breach, or an environmental problem materializes, the department or Group company reports immediately to the Risk Management & Compliance Committee. The Risk Management & Compliance Committee coordinates with the related divisions and workplaces for rapid resolution of the problem by appropriate measures such as establishing a task force. At the same time, the Risk Management Committee strives to identify the causes of the problem and propose and implement solutions. Additionally, for critical risks, the committee also reports as appropriate to the Board of Directors.
The Risk Management & Compliance Committee continuously confirms the implementation status of these processes and works to make improvements.
To enforce risk management across the entire Fujitsu Group, we conduct education and training at every level.
Specifically, in activities aimed at newly appointed executives and managers as well as Chief Risk Compliance Officers, we are working to communicate our basic concepts on risk management and the rule for prompt escalation to the Risk Management and Compliance Committee; to introduce specific examples of troubles concerning products, services, and information security; and to continually improve awareness and strengthen response capabilities with regard to risk management.
Examples of education programs implemented in FY2016
The basic policy of the Fujitsu Group in Japan is to ensure the safety of staff and facilities when disasters occur, to minimize harm and to prevent secondary disasters. We also aim to ensure that business operations resume quickly, and that we can assist in disaster recovery for our customers and suppliers. To this end, we are working to build robust collaborative structures in our internal organizations and strengthen our capacity for business continuity.
In particular, we are working to build “area-based disaster management systems” that enable the businesses in a given region to cooperate effectively, and to promote responses that use the management structures in each business unit and group company.
To verify the efficacy of our disaster preparedness systems and enhance our response capabilities, we conduct drills tailored to every level, from the entire company through to task force, workplace and even the individual level. We also implement voluntary inspections and verification activities to prevent accidents and minimize the level of harm in each of our facilities.
These efforts enable us to accurately identify existing issues, consider and implement measures to address those issues, and work toward continually improving our capacity to prepare for disasters and sustain our business operations.
On Japan’s annual National Disaster Preparedness Day on September 1st, we carry out nationwide disaster response drills that incorporate mock disaster exercises. These drills are used to build a group-wide disaster preparedness organization to ensure and verify that the Group companies in Japan are fully versed in the essentials of dealing collaboratively with the various major disasters likely to impact the different regions.
FY2016 marks the 22nd year of systematic training drills for a potential major earthquake in Tokyo or along the Nankai trough. This year’s drills, which were held at around 90 companies including Fujitsu Headquarters, envisioned a “Hokuriku-Shin’etsu earthquake” affecting large numbers of customers and the Fujitsu Group companies.
In the course of these drills, we collaborated with the affected offices to identify key initial response measures and steps to allow continued business operation, and confirmed the measures needed to assist in restoring customers’ ICT systems. In addition, training was carried out at sites throughout Japan to verify the initial response procedures adopted by local recovery task forces immediately after a disaster (checking employee safety, assessing the extent of damage to work premises, rescue and aid activities, etc.).
These training exercises provide a channel for examining the issues identified and for improving the organization’s disaster preparedness and its capacity to sustain its business operations.
Joint inspections are conducted at facilities selected from among all the Fujitsu Group companies in Japan as being those most at risk and where any damage would have the greatest impact. These inspections are led in the field by teams drawn from internal departments for environmental management, facility management, risk management and the safe operation of manufacturing equipment and processes. The teams check that laws are being upheld and also conduct inspections and provide guidance intended to prevent accidents that could arise from aging infrastructure or from fires and other natural disasters. This serves to boost safety at the inspected facilities.
The sharing of case studies illustrating the improvements and the most successful disaster preparedness measures resulting from these inspections also helps to promote consistent safe operations throughout the entire Fujitsu Group in Japan.
Recent years have seen a significant increase in the risk of unforeseen events that threaten continued economic and social activity, such as earthquakes, floods and other large-scale natural disasters, disruptive incidents or accidents, and pandemics involving infectious diseases.
To ensure that we can continue to provide a stable supply of products and services offering the high levels of performance and quality that customers require even when such unforeseen circumstances occur, the Fujitsu Group in Japan has formulated a Business Continuity Plan (BCP) and also promotes Business Continuity Management (BCM) as a way of continuously reviewing and improving that BCP for establishing in the field. Through the BCM process, the lessons learned in the course of the Great East Japan Earthquake and the 2016 Kumamoto earthquake are now reflected in our BCP.
To fulfill our social responsibility as a company that supports social infrastructure, the Fujitsu Group companies in Japan organizes and analyzes business continuity issues at the business and site levels, and conducts ongoing training aimed at strengthening and improving our business continuity capability.
Our business continuity capability survey checks and assesses the level that Fujitsu units and Fujitsu Group companies in Japan have achieved in implementing management, education, and training in business continuity, and the level of their measures to resume business activities within the target recovery time objective.
The purpose of the business continuity capability surveys is to clarify the performance indicators (levels) to be achieved in the Fujitsu Group in Japan. By putting in place measures aimed at attaining those indicators, we are promoting appropriate BCM activities (workload and investment optimization) by the Fujitsu Group.
The Fujitsu Group in Japan is systematically training specialists in order to further promote, implement and improve BCM. With the support of the Company-wide Promotion Office, BCM specialists from each department practice actual BCM activities to understand the essence of BCP and to become able to appropriately perform BCM activities.
Looking ahead, we plan to promote BCM activities within units and companies, centered on specialists with practical experience, to improve the business continuity capability of the Fujitsu Group in Japan.
The Fujitsu Group in Japan is also formulating countermeasures against new strains of influenza and other infectious diseases based on a three-pronged approach of safeguarding lives, preventing the spread of infection, and ensuring business continuity. We created a "Pandemic influenza Preparedness Action Plan" that stipulates preventive measures in everyday operations and the response process to be used if an outbreak occurs. We work to disseminate these to all employees through e-Learning and by distributing pamphlets. To assist with the continued operation of social infrastructure businesses and of our customers' businesses in the event of a pandemic or a particularly virulent new strain of influenza, we have also formulated a "Business Continuity Plan for New Influenza Strains (BCP).”
In order to consistently supply products and services even under unforeseen circumstances, the Fujitsu Group has been continuously supporting the improvement of business continuity capability with our business partners since FY 2007, with the belief that it is essential to strengthen business continuity capability along our entire supply chain. With this in mind, the Fujitsu Group in Japan is promoting BCM activities throughout the entire supply chain, with efforts that include providing support for improvement of business continuity capability in our suppliers. Refer to the following for details:
“Enhancing Supply Chain BCM” with our suppliers