Guidelines & Structure
The Fujitsu Group aims to achieve business continuity, enhanced corporate value, and the sustainable development of corporate activities. Uncertainties that might affect the achievement of these objectives are considered to be risks. To address these risks, the Fujitsu Group established a Risk Management & Compliance Committee based on the Policy on the Internal Control System determined by the Board of Directors. The Committee reports directly to the Board of Directors and oversees risk management and compliance for the entire Fujitsu Group.
Chaired by the CEO and composed of Board Members, the Risk Management & Compliance Committee continually assesses and verifies risks that could result in losses to the Fujitsu Group and implements risk control measures such as formulating preventive measures for materialized risks in business execution. To minimize losses arising from the materialization of risks, and in an effort to prevent their recurrence, the Committee regularly analyzes the risks that have materialized and reports to the Board of Directors.
In addition, the Risk Management & Compliance Committee has established a Regional Risk Management & Compliance Committee in each region outside of Japan to operate as subordinate committees in a global structure. The committee also assigns Risk Management & Compliance Officers to the business units, group companies and regions for both Japan and overseas. These organizations collaborate to build a risk management and compliance structure for the entire group.
Furthermore, to strengthen the risk management functions of the Fujitsu Group, we created the Corporate Risk Management Office, which reports directly to the CEO and is independent of the business units. This body carries out the secretariat functions of the Risk Management & Compliance Committee and, under the leadership of the Chief Risk Management Officer (CRMO), is responsible for interpreting risk-related information and spearheading rapid, appropriate responses where required.
Based on the initiatives taken to date, we have appointed a Chief Quality Officer (CQO) as the person responsible for quality for the entire Group, as we believe that Company-wide and cross-organizational measures led by top management are more essential than ever to further strengthen measures and ensure effectiveness. Furthermore, we have enhanced the structure and functions of our Risk Management & Compliance Committee, chaired by the CEO, and have strengthened this framework to ensure constant and thorough Company-wide responses.
Specifically, the CQO will be included as a member of this committee, which has been the venue for deliberations on important risk compliance issues related to the Fujitsu Group. This framework was established in which concrete measures are determined and promptly implemented, including Company-wide measures related to information security and system quality, as well as responses to individual events. By establishing such a framework, we could thoroughly implement risk management led by the CEO, assigning more strengthened authority than ever to the CISO and CQO to supervise the process, including different CxO areas such as personnel systems and investment resources. Additionally, to ensure the rapid and effective implementation of measures, the committee is held every month.
|Main Business Risks *|
- *These are just some examples of the risks associated with doing business. More detailed risk-related information can be found in our securities and other reports.
Please refer to the web page below for detailed risk information in accordance with our Task Force on Climate-related Financial Disclosures (TCFD) declaration.
“Response to Environmental Risks”
After identifying and reviewing the key risks associated with business activities from among the various risks around the Fujitsu Group’s operations, every year we investigate, analyze, assess, and visualize the possibility of key risks occurring, the potential impact, the status of measures, and so on.
Based on the assessment outcomes, the Risk Management & Compliance Committee confirms the key risks, issues instructions on further measures, and reports to the Board of Directors. The policies and measures determined by the committee are fed back to the entire Group, and the risk management departments established for each key risk then appropriately manage the measures across the Group as part of efforts to minimize risks.
Information obtained through the potential risk management process is disclosed to stakeholders via such documents as securities reports and the Fujitsu Group Sustainability Data Book.
In addition, when a risk materializes, the committee has established mandatory rules such as rapid escalation to the Risk Management & Compliance Committee in accordance with risk management regulations, and ensures that all employees are aware of these regulations to raise awareness of risk management.
By implementing such process and confirming by the risk management department on a quarterly basis, we aim to reduce risks across the Fujitsu Group and to minimize the impact when risks become apparent.
Risk Management Education
To enforce risk management across the entire Fujitsu Group, we conduct education and training at every level.
These programs are targeted at newly appointed executives and managers, as well as others, to educate them on our basic approach to risk management and our rules for promptly escalating issues to the Risk Management & Compliance Committee. The programs present specific instances relating to products, services, and information security, with the aim of continually improving participants’ awareness of risk management and enhancing their capacity to respond to risks.
Refer to the “FY2022 Performance” section for information on education outcomes for FY2022.
Group-Wide Disaster Management
The basic policy of Fujitsu and its group companies in Japan is to ensure the safety of staff and facilities when disasters occur, to minimize harm and to prevent secondary disasters. We also aim to ensure that business operations resume quickly, and that we can assist in disaster recovery for our customers and suppliers. To this end, we are building robust collaborative structures in our internal organizations and strengthening our business continuity capabilities.
In particular, we are working to build “area-based disaster management systems” that enable the Group offices in each region to cooperate effectively and to promote responses via the management structures in each business unit and group company.
To verify the efficacy of our disaster management systems and enhance our response capabilities, we conduct drills tailored to every level, from the entire company through to task forces, workplaces and even individuals. We also implement voluntary inspections and verification activities to prevent accidents and minimize the level of harm in each of our facilities. These efforts enable us to accurately identify existing issues and review and implement measures to address those issues, thereby allowing us to work toward continually improving our capacity to prepare for disasters and sustain our business operations.
For more information on our Group-wide disaster management, joint disaster response drills and verification activities, please refer to the PDF listed below, and for activity outcomes for FY2022 refer to the “FY2022 Performance” section.
Business Continuity Management
Recent years have seen a significant increase in the risk of unforeseen events that threaten continued economic and social activity. Such events include earthquakes, floods and other large-scale natural disasters, disruptive incidents or accidents, and pandemics involving infectious diseases. To ensure that Fujitsu and its group companies in Japan can continue to provide a stable supply of products and services offering the high levels of performance and quality that customers require, even when such unforeseen circumstances occur, we have formulated a Business Continuity Plan (BCP). We are also promoting Business Continuity Management (BCM) as a way of continually reviewing and improving our BCP.
Regarding the COVID-19 pandemic, to maintain the safety of its customers, suppliers and employees, and their families, the Fujitsu Group has placed the highest priority on preventing the spread of the infection. It is also promoting initiatives to sustain the supply of products and services to customers and to help resolve the many societal issues that have arisen due to the spread of the infection.
For more information on our BCM activities, infectious disease countermeasures and BCM in our supply chain, please refer to the PDF listed below, and for activity outcomes for FY2022 refer to the “FY2022 Performance” section.
Risk Management Education
- Uses specific examples to illustrate key points that new executives need to take note of, including internal regulatory systems and issues relating to risk management and compliance.
- An e-learning course that covers areas such as the basic approach to risk management and the role of managers regarding risk management.
- These forums are targeted at Fujitsu Group staff responsible for disaster management and business continuity in Japan. They offer an opportunity for participants to share knowledge with the aim of improving our on-site responses to large-scale disasters.
Serious Incident Response Training
- By training through implementing and verifying a series of flows relating to initial responses to an information security incident, we aim to accelerate our incident response capability.
- We assess the impact of product and service problems and conduct simulated responses with external parties. This includes confirming and verifying the collaboration process between organizations, identifying issues, and undertaking continuous improvements.
Disaster Management & BCM Training
Joint disaster response drills: The FY2022 theme for Japan’s annual nationwide disaster response drills that incorporate mock disaster exercises was the “Nankai Trough Megathrust Earthquake”. These drills are used to ensure and to verify that Fujitsu and its group companies in Japan are fully versed in the essentials of dealing collaboratively with major disasters. (Proposed scenarios include “Tokyo Inland Earthquake” and “Nankai Trough Megathrust Earthquake”.)