Risk Management Guidelines
Through its global activities in the information technology sector, the Fujitsu Group continually seeks to increase its corporate value and to contribute to all stakeholders, particularly its customers and regional communities. Management places a high priority on properly assessing and dealing with any risks that threaten the achievement of our objectives. These include preventing the occurrence of these risk events, minimizing the impact of any such events that do occur and preventing recurrence. We have also built a risk management & compliance structure for the entire group and we are committed to its ongoing implementation and improvement.
Risk Management & Compliance Structure
To prevent potential risks of business-related loss from transforming into actual risks, and to respond appropriately to and prevent the recurrence of any risks, the Fujitsu Group has established a Risk Management & Compliance Committee. This committee is under the direct control of the Board of Directors and acts as the highest-level decision-making body on matters involving risk management and compliance.
The committee also assigns Risk Management Compliance Officers to each of Fujitsu’s divisions and to group companies in Japan and overseas. In April 2016, we established Regional Risk Management & Compliance Committees. These organizations collaborate to build a risk management & compliance structure for the entire Fujitsu Group, thereby guarding against potential risks and mitigating risks that have already materialized.
The Risk Management & Compliance Committee is responsible for monitoring the progress of risk management and compliance in all Fujitsu business divisions and group companies in Japan and other countries. This committee is tasked with establishing the appropriate policies and processes, as well as implementing and continually improving them. In practical terms, it determines the risk management regulations and guidelines, then applies them and reviews them on an ongoing basis.
Risk Management Reviews
The Risk Management & Compliance Committee, identifies, analyzes and assesses the key risks associated with business activities in all Fujitsu business divisions and group companies in Japan and other countries. (Among the group companies, implementation is focused on 33 risks identified as particularly important.) It also checks the progress of measures designed to avoid, mitigate, transfer and accept such risks, and then formulates new measures or reviews existing measures. The committee reports regularly to the Board of Directors regarding major risks that have been identified, analyzed and assessed, presenting the risks in a visually accessible format by ranking and mapping them.
The committee also prepares processes for dealing with risks that have eventuated despite implementation of the various preventive measures. If a critical risk arises, such as a natural disaster, product fault or defect, system or service problem, compliance violation, information security breach or environmental problem, then the department or group company concerned reports immediately to the Risk Management & Compliance Committee.
This committee then coordinates with the related departments and work sites to quickly resolve the problem by taking appropriate steps, such as establishing a task force. At the same time, the committee works to identify the causes of the problem and proposes and implements measures to prevent any recurrence. For critical risks, the committee also reports as needed to the Board of Directors. The Risk Management & Compliance Committee checks the progress of implementation of these processes on an ongoing basis and formulates improvements.
The Fujitsu Group identifies, analyzes and assesses the risks associated with business activities and works on measures to avoid or mitigate their impact and to deal promptly with any issues that do occur.
|Main Business Risks（*1）|
- （*1）These are just some examples of the risks associated with doing business. More detailed risk-related information can be found in our securities and other reports.
Please refer to the web page below for detailed risk information in accordance with our Task Force on Climate-related Financial Disclosures (TCFD) declaration.
“Response to Environmental Risks”
Risk Management Education
To enforce risk management across the entire Fujitsu Group, we conduct education and training at every level.
These programs are targeted at newly appointed executives and managers, as well as Risk Management Compliance Officers, to educate them on our basic approach to risk management and our rules for promptly escalating issues to the Risk Management & Compliance Committee. The programs present specific instances of problems with products, services, and information security, with the aim of continually improving participants’ awareness of risk management and enhancing their capacity to respond to risks.
Refer to the “FY2019 Performance” section at the end of this document for information on education outcomes for FY2019.
Group-Wide Disaster Management
The basic policy of Fujitsu and its group companies in Japan is to ensure the safety of staff and facilities when disasters occur, to minimize harm and to prevent secondary disasters. We also aim to ensure that business operations resume quickly, and that we can assist in disaster recovery for our customers and suppliers. To this end, we are building robust collaborative structures in our internal organizations and strengthening our business continuity capabilities.
In particular, we are working to build “area-based disaster management systems” that enable the Group offices in each region to cooperate effectively and to promote responses via the management structures in each business unit and group company.
To verify the efficacy of our disaster management systems and enhance our response capabilities, we conduct drills tailored to every level, from the entire company through to task forces, workplaces and even individuals. We also implement voluntary inspections and verification activities to prevent accidents and minimize the level of harm in each of our facilities. These efforts enable us to accurately identify existing issues, review and implement measures to address those issues, and work toward continually improving our capacity to prepare for disasters and sustain our business operations.
For more information on our Group-wide disaster management, joint disaster response drills and verification activities, refer to the PDF listed below in the activity outcomes for FY2019 in the “FY2019 Performance” section at the end of this document.
Business Continuity Management
Recent years have seen a significant increase in the risk of unforeseen events that threaten continued economic and social activity. Such events include earthquakes, floods and other large-scale natural disasters, disruptive incidents or accidents, and pandemics involving infectious diseases. To ensure that the Fujitsu and its group companies in Japan can continue to provide a stable supply of products and services offering the high levels of performance and quality that customers require, even when such unforeseen circumstances occur, we have formulated a Business Continuity Plan (BCP). We are also promoting Business Continuity Management (BCM) as a way of continually reviewing and improving our BCP.
Since January 2020, COVID-19 has spread throughout the world with devastating consequences. To maintain the safety of its customers, suppliers and employees, the Fujitsu Group has placed the highest priority on preventing the spread of the infection. It is also promoting initiatives to sustain the supply of products and services to customers and to help resolve the many societal issues that have arisen due to the spread of the infection. Specific initiatives include recommending that employees work from home or stagger their working hours, switching internal company meetings and events to videoconference format or other web-based sessions, and putting in place a set of countermeasures in cooperation with customers and government agencies in Japan and elsewhere. Through such measures, our goal is to maintain key business operations and meet our social responsibilities even while the infection remains uncontained.
For more information on our BCM activities, infectious disease countermeasures and BCM in our supply chain, please refer to the PDF listed below in the activity outcomes for FY2019 in the “FY2019 Performance” section at the end of this document.
Risk Management Education
- Uses specific examples to illustrate key points that new executives need to take note of, including internal regulatory systems and issues relating to risk management and compliance.
- An e-learning course that covers areas such as the basic approach to risk management and the role of managers regarding risk management.
- These seminars aim to share the latest updates from the Risk Management & Compliance Committee with the Risk Management Compliance officers and their assistants. The objective is for the information to be used for education and in other measures implemented by Fujitsu business divisions and group companies.
- These forums are targeted at Fujitsu Group staff responsible for disaster management and business continuity in Japan. They offer an opportunity for participants to share knowledge with the aim of improving our on-site responses to large-scale disasters.
- Provides employees assigned to roles outside Japan with information and training in advance on Fujitsu’s risk management systems, and the key points of overseas-specific risks and how to deal with those risks.
Disaster Management & BCM Training
- During Japan’s annual Disaster Preparedness Week, held every September, we conduct nationwide disaster response drills that incorporate mock disaster exercises. These drills are used to ensure and to verify that Fujitsu and its group companies in Japan are fully versed in the essentials of dealing collaboratively with major disasters. (Proposed scenarios include “Tokyo Inland Earthquake” and “Nankai Trough Megathrust Earthquake”.)