Risk Management Guidelines
Through its global activities in the information technology sector, the Fujitsu Group continually seeks to increase its corporate value and to contribute to all stakeholders. Management places a high priority on properly assessing and dealing with any risks that threaten the achievement of our objectives. These include preventing the occurrence of these risk events, minimizing the impact of any such events that do occur and preventing recurrence. We have also built a risk management & compliance structure for the entire group and we are committed to its ongoing implementation and improvement.
Risk Management & Compliance Structure
To prevent potential risks of business-related loss from transforming into actual risks, and to respond appropriately to and prevent the recurrence of any risks, the Fujitsu Group has established a Risk Management & Compliance Committee. This committee acts as the highest-level decision-making body on matters involving risk management and compliance.
The committee also assigns Risk Management Compliance Officers to each of Fujitsu’s divisions and to group companies in Japan and overseas. In April 2016, we established Regional Risk Management & Compliance Committees. These organizations collaborate to build a risk management & compliance structure for the entire Fujitsu Group, thereby guarding against potential risks and mitigating risks that have already materialized.
The Risk Management & Compliance Committee is responsible for monitoring the progress of risk management and compliance in all Fujitsu business divisions and group companies in Japan and other countries. This committee is tasked with establishing the appropriate policies and processes, as well as implementing and continually improving them. In practical terms, it determines the risk management regulations and guidelines, then applies them and reviews them on an ongoing basis.
Risk Management Reviews
The Risk Management & Compliance Committee, which maintains regular communications with Risk Management Compliance Officers, identifies, analyzes and assesses the risks associated with business activities. It also checks the progress of measures designed to avoid, mitigate, transfer and accept major risks, and then formulates new measures or reviews existing measures. The committee reports regularly to the Board of Directors regarding major risks that have been identified, analyzed and assessed.
The committee also prepares processes for dealing with risks that have eventuated despite implementation of the various preventive measures. If a critical risk arises, such as a natural disaster, product fault or defect, system or service problem, compliance violation, information security breach or environmental problem, the department or group company concerned reports immediately to the Risk Management & Compliance Committee.
This committee then coordinates with the related departments and work sites to quickly resolve the problem by taking appropriate steps, such as establishing a task force. At the same time, the committee works to identify the causes of the problem and proposes and implements measures to prevent any recurrence. For critical risks, the committee also reports as needed to the Board of Directors. The Risk Management & Compliance Committee checks the progress of implementation of these processes on an ongoing basis and formulates improvements.
The Fujitsu Group identifies, analyzes and assesses the risks associated with business activities and works on measures to avoid or mitigate their impact and also to deal promptly with any issues that do occur.
|Major Business Risks（*1）|
- （*1）These are just some examples of the risks associated with doing business. More detailed risk-related information can be found in our securities and other reports.
Please refer to the web page below for detailed risk information in accordance with our Task Force on Climate-Related Financial Disclosures (TCFD) declaration.
“Response to Environmental Risks”
Risk Management Education
To enforce risk management across the entire Fujitsu Group, we conduct education and training at every level.
These programs are targeted at newly appointed executives and managers, as well as Risk Management Compliance Officers, and educate them on our basic approach to risk management and our rules for promptly escalating issues to the Risk Management & Compliance Committee. The programs present specific instances of problems with products, services, and information security, with the aim of continually improving participants’ awareness of risk management and enhancing their capacity to respond to risks.
Please refer to the “Results for FY2018” section at the end of this document for information on education outcomes for FY2018.
Group-Wide Disaster Management
The basic policy of Fujitsu and its group companies in Japan is to ensure the safety of staff and facilities when disasters occur, to minimize harm and to prevent secondary disasters. We also aim to ensure that business operations resume quickly, and that we can assist in disaster recovery for our customers and suppliers. To this end, we are building robust collaborative structures in our internal organizations and strengthening our capacity for business continuity.
In particular, we are working to build “area-based disaster management systems” that enable the group offices in each region to cooperate effectively and also to encourage responses via the management structures in each business unit and group company.
To verify the efficacy of our disaster management systems and enhance our response capabilities, we conduct drills tailored to every level, from the entire company through to task forces, workplaces and even individuals. We also implement voluntary inspections and verification activities to prevent accidents and minimize the level of harm in each of our facilities. These efforts enable us to accurately identify existing issues, review and implement measures to address those issues, and work toward continually improving our capacity to prepare for disasters and sustain our business operations.
For more information on our Group-wide disaster management, joint disaster response drills and verification activities, please refer to the PDF listed below in the activity outcomes for FY2018 in the “Results for FY2018” section at the end of this document.
Business Continuity Management
Recent years have seen a significant increase in the risk of unforeseen events that threaten continued economic and social activity. Such events include earthquakes, floods and other large-scale natural disasters, disruptive incidents or accidents, and pandemics involving infectious diseases.
To ensure that Fujitsu and its group companies in Japan can continue to provide a stable supply of products and services offering the high levels of performance and quality that customers require, even when such unforeseen circumstances occur, we have formulated a Business Continuity Plan (BCP). We are also promoting Business Continuity Management (BCM) as a way of continually reviewing and improving our BCP. Through the BCM process, the lessons learned in the course of the Great East Japan Earthquake and the 2016 Kumamoto earthquake are now reflected in our BCP.
For more information on our BCM activities, infectious disease countermeasures and BCM in our supply chain, please refer to the PDF listed below in the activity outcomes for FY2018 in the “Results for FY2018” section at the end of this document.
Risk Management Education
- Uses specific examples to illustrate key points that new executives need to take note of, including internal regulatory systems and issues relating to risk management and compliance.
- An e-learning course that covers areas such as the basic approach to risk management and the role of managers regarding risk management.
- Provides employees assigned to roles outside Japan with information and training in advance on Fujitsu’s risk management systems and the key points of overseas-specific risks and how to deal with those risks.
Disaster Management & BCM Training
- During Japan’s annual Disaster Preparedness Week, held every September, we conduct nationwide disaster response drills that incorporate mock disaster exercises. These drills are used to ensure and verify that Fujitsu and its group companies in Japan are fully versed in the essentials of dealing collaboratively with major disasters. (Proposed scenarios include “Tokyo Inland Earthquake” and “Nankai Trough Megathrust Earthquake”)