-
Sustainability at Fujitsu Group
-
Global Responsible Business
- Environment
-
- Environmental Management
- The Fujitsu Group Environmental Vision on Climate Change
- Living in Harmony with Nature (Conservation of Biodiversity)
- Environmental Action Plan
- Environmental Data
- Environmental Communication
- Environmental Social Activities
- Disposal and Recycling of ICT products
- Environmental Considerations in ICT Products
- Governance
-
Data and Documents
- Fujitsu Group Sustainability Data Book 2023
- Social, Governance and Environmental data
- Independent Assurance Report
- GRI Standards / United Nations Global Compact (UNGC) principles Comparison Table
- SASB Standards Comparison Table
- Sustainability Data Book Framework
- Link to regions responsible business reports
- Contact
- Sitemap
Risk Management
Guidelines & Structure
The Fujitsu Group aims to achieve business continuity, enhanced corporate value, and the sustainable development of corporate activities. Uncertainties that might affect the achievement of these objectives are considered to be risks. To address these risks, the Fujitsu Group established a Risk Management & Compliance Committee based on the Policy on the Internal Control System determined by the Board of Directors.
The Committee reports directly to the Board of Directors and oversees risk management and compliance for the entire Fujitsu Group.
The Risk Management & Compliance Committee is chaired by the CEO and is composed of Board Members. Its primary function is to continually assess and verify risks that could potentially lead to losses for the Fujitsu Group. The Committee proactively implements measures to control risks identified during the course of business operations (potential risk management). Additionally, the Committee regularly analyzes realized risks to minimize losses, reporting them to the Board of Directors and working to prevent their recurrence (materialized risk management).
The Risk Management & Compliance Committee has established Regional Risk Management & Compliance Committees in each region that forms part of the global, region-based business execution structure. These regional committees operate as subcommittees. The Risk Management & Compliance Committee has deployed Risk Management & Compliance Officers to Business units (First line), as well as to Group companies and regions, both in Japan and overseas. Together, these entities collaborate to build a structure that promotes risk management and compliance throughout the Group.
To further strengthen the Group’s risk management capabilities, the company has established the Corporate Risk Management Office (Second line), a department which reports directly to the CEO and is independent of the business divisions. The Committee’s secretariat function is provided by the Corporate Risk Management Office and is supervised by the Chief Risk Management Officer (CRMO). The Secretariat monitors overall risk information, providing rapid and appropriate responses. In June 2023, the company appointed a Chief Quality Officer (CQO) to ensure prompt implementation of corporate policies and support for information security and system quality, as well as thorough risk management under the CEO’s direction. The CQO convenes a monthly meeting of the Risk Management & Compliance Committee to ensure the swift and effective implementation of corporate policies.
To check that the risk management and compliance system is functioning properly, the company conducts annual audits by corporate auditors, internal audits by audit departments (Third line), and external audits by an auditing firm.
Processes
Potential Risk Management Process
- Identification and review of important risks of the Fujitsu Group
The Risk Management & Compliance Committee Secretariat (Corporate Risk Management Office, Second line) identifies and reviews the 16 important risks considered important to the Group, taking into account environmental changes affecting the Group. Risk scenarios are defined for each important risk, and they are classified into pure risk and management risk. - Appointment of risk management departments (Second line)
A risk management department is assigned to each important risk, and is responsible for maintaining control over that specific risk. - Evaluation of risks to the Fujitsu Group
Risk management departments, Business units, and Group companies evaluate the impact of each important risk, the likelihood of its occurrence, and the status of mitigation measures.
We select the risks that must be actively taken to achieve the Group's business strategies and goals, and those that must be actively avoided. - Ranking and mapping of important risks
Based on the evaluation results of the Group, we rank important risks and create risk maps to visualize their importance. High priority risks are determined based on their importance. - Risk Management & Compliance Committee Report
Analyses are conducted based on the evaluation findings, and mitigation policies are discussed and determined to address important risks to the Group. - Issuing of corrective instructions to Business units and Group companies
Based on the evaluation results, feedback is provided to Business units and Group companies, advising them on improvements. - Risk monitoring within Business units divisions and Group companies
Regular risk monitoring is implemented within Business units and Group companies to assess the status of mitigation measures and reduce risk exposure.
Addressing Materialized Risks
- Risk management regulations mandate rules (such as prompt escalation to the Risk Management & Compliance Committee) and require employees to be informed accordingly.
- Establish escalation rules for Business units and Group companies, and deploy promptly, based on risk management standards and rules for escalating risks to the Risk Management & Compliance Committee.
- Analyze risks and deploy mitigation measures, and report to the Board of Directors as necessary, to prevent recurrence. By cycling through this risk management process and having the risk management departments check it every six months, we aim to reduce risks across the Fujitsu Group and to minimize the impact when risks emerge.
High Priority Risks
Considering the findings from evaluations conducted in the Potential Risk Management Process and the status of materialized risks, we have chosen to focus on high priority risks based on their impact on achieving the Group's business strategies and goals. Consequently, we have identified the following two important risks as high priority for FY2023 and FY2024:
- Security risks
- Deficiencies or flaws in products and services
Important risks of the Group *1
No. | Classification | Risk Category |
---|---|---|
1 | Pure risk | Security risks |
2 | Pure risk | Risks of natural disasters and unforeseen Incidents |
3 | Pure risk | Compliance risks |
4 | Management risk | Financial risks |
5 | Management risk | Intellectual property risks |
6 | Pure risk | Risks related to environment and climate change |
7 | Management risk | Risks related to suppliers, alliances, etc |
8 | Management risk | Customer risks |
9 | Management risk | Risks related to competitors and industries |
10 | Pure risk | Deficiencies or flaws in products and services |
11 | Management risk | Risks related to public regulation, public policy and tax matters |
12 | Management risk | Risks related to human resources |
13 | Pure risk | Human rights risks |
14 | Management risk | Risks related to economic and financial market trends |
15 | Management risk | Risks related to investment decisions and business restructuring |
16 | Pure risk | Risks related to the Fujitsu Group facilities and systems |
- *1These are just some examples of the risks associated with doing business. More detailed risk-related information can be found in our securities and other reports.
https://pr.fujitsu.com/jp/ir/secreports/
Please refer to the web page below for detailed risk information in accordance with our Task Force on Climate-related Financial Disclosures (TCFD) declaration.
“Response to Environmental Risks”
https://www.fujitsu.com/global/about/environment/risk/
Risk Management Education, etc.
To enforce risk management across the entire Fujitsu Group, we conduct education and training at every level.
These programs are targeted at newly appointed executives and managers, as well as others, to educate them on our basic approach to risk management and our rules for promptly escalating issues to the Risk Management & Compliance Committee. The programs present specific instances relating to products, services, and information security, with the aim of continually improving participants’ awareness of risk management and enhancing their capacity to respond to risks.
Furthermore, by incorporating risk management into employee evaluation indicators, the risk management departments aim to not only link evaluations to financial incentives, but also enhance the organization’s risk responsiveness by improving its risk management skills.
Refer to the “FY2023 Performance” section for information on education outcomes for FY2023.
Group-Wide Disaster Management
The basic policy of Fujitsu and its group companies in Japan is to ensure the safety of staff and facilities when disasters occur, to minimize harm and to prevent secondary disasters. We also aim to ensure that business operations resume quickly, and that we can assist in disaster recovery for our customers and suppliers. To this end, we are building robust collaborative structures in our internal organizations and strengthening our business continuity capabilities.
In addition to supporting our customers through the management structure in each business unit and group company, the Fujitsu Group is building ‘area-based disaster management systems’ in each region for working in cooperation with and responding to customers.
To verify the efficacy of our disaster management systems and enhance our response capabilities, we conduct drills tailored to every level, from the entire company through to task forces, workplaces, and employees. We also implement voluntary inspections and verification activities to prevent accidents and minimize the level of harm in each of our facilities. These efforts enable us to accurately identify existing issues and review and implement measures to address those issues, thereby allowing us to work toward continually improving our capacity to prepare for disasters and sustain our business operations.
For more information on our Group-wide disaster management, joint disaster response drills and verification activities, please refer to the PDF listed below, and for activity outcomes for FY2023 refer to the “FY2023 Performance” section.
Business Continuity Management
Recent years have seen a myriad of risks that threaten continued economic and social activity. Such events include earthquakes, floods and other large-scale natural disasters, disruptive incidents and accidents, and pandemics involving infectious diseases. To ensure that Fujitsu and its group companies can continue to provide a stable supply of products and services offering the high levels of performance and quality that customers require, even when such unforeseen circumstances occur, we have formulated a Business Continuity Plan (BCP). We are also promoting Business Continuity Management (BCM) as a way of continually reviewing and improving our BCP.
Regarding the COVID-19 pandemic, to maintain the safety of its customers, suppliers and employees, and their families, the Fujitsu Group placed the highest priority on preventing the spread of the infection. It is also promoted initiatives to sustain the supply of products and services to customers and to help resolve the many societal issues that arose due to the spread of the infection.
For more information on our BCM activities, infectious disease countermeasures and BCM in our supply chain, please refer to the PDF listed below, and for activity outcomes for FY2023 refer to the “FY2023 Performance” section.
FY2023 Performance
Risk Management Education
- Uses specific examples to illustrate key points that new executives need to take note of, including internal regulatory systems and issues relating to risk management and compliance.
- Providing e-learning in various fields, including risk management, for non-executive and executive directors. In addition, individual sessions on risk management for non-executive directors were held by executive officers in charge.
- An e-Learning course that covers areas such as the basic approach to risk management and the role of managers regarding risk management.
- Implemented e-Learning on risk management in general (information security, compliance, etc.)
- These forums are targeted at Fujitsu Group staff responsible for disaster management and business continuity in Japan. They offer an opportunity for participants to share knowledge with the aim of improving our on-site responses to large-scale disasters.
Serious Incident Response Training
- Implement the flow of initial response when an information security incident occurs by connecting Japan and overseas regions in real time, and confirm and verify the incident response process including cooperation/information sharing within the region and with the head office, customer response, response to personal information leakage, and media response. Strengthen incident response capabilities and inter-organizational cooperation in overseas regions by identifying issues through training and making continuous improvements.
Disaster Management & BCM Training
- These drills are used to ensure and to verify that Fujitsu and its group companies in Japan are fully versed in the essentials of dealing collaboratively with major disasters. (Proposed scenarios include “Tokyo Inland Earthquake” and “Nankai Trough Megathrust Earthquake”.)
- A remote work-from-home training exercise centered on a hypothetical pandemic scenario was implemented for all our employees around the globe. The objective was to raise the awareness of each employee involved in business continuity, and measure the business continuity capabilities of the organization as a whole. In addition, the feedback on the findings of the BCP survey that was conducted will help improve the Fujitsu Group's BCP.