Policy

The SMM Group engages in risk management (RM) under the following Six Principles established for Maximizing Corporate Value.

  1. Compliance is the foundation
  2. The organizational leader confronting the risk is the responsible party
  3. Awareness of risk must be shared among all parties involved
  4. Adopt an RM approach in daily work
  5. Recognize that risks can materialize
  6. Coordinate risk responses with other management systems

Framework

Risk Management Framework

The president, as the person with the ultimate responsibility for risk management at the SMM Group, formulates RM policy as a part of his fiscal year policy. Based on this policy, each business site formulates a fiscal year RM action plan and conducts RM activities. These activities are checked and reviewed by RM internal audits and RM patrols. For major risks that would cause serious damage if they materialize and require action across the entire SMM Group (SMM Group-Wide Serious Risks), a group-wide Crisis Management Framework has been built to appropriately respond to the damage and impact of these risks. Through repeated training, we are enhancing our ability to respond to such situations.
These activities are in place as the SMM Group RM system (RMS).

Diagram of Six Requirements for Achieving the Purpose of Risk Management

Figure: Maximization of Corporate Value

Initiatives

Individual Risks and Daily RM Activities

Daily RM activities involve identifying and assessing individual potential risks as circumstances change, and taking the appropriate action. These activities identify the risks, shown on the next page, at each site, resulting in more than 1,400 cases in total currently registered in the RM system. On a daily basis, as a means of reducing risk, these registered risks are reviewed and updated, or new risks are added, whenever there are changes to the environment and conditions that serve as prerequisites for identified risks, such as business environments, work environments, people, equipment, work procedures, and quality standards. A periodic risk review is also undertaken during the RM Promotion Campaign every September.

The FY2020 RM Policy and Activities

The FY2021 RM policy is the same as that prescribed in FY2019, “Identify and address risks that hinder executing the business plan and reaching its goals as usual work.” The key RM activities are prescribed as “The business plan and risk countermeasures will be revised as appropriate using a PDCA cycle taking into consideration changes in the external environment (such as changes associated with the COVID-19 pandemic, the global push toward decarbonization, and increasingly severe natural disasters).” In FY2020, as a particular risk hindering achievement of business plan goals, we tackled the risk posed by the spread of COVID-19. However, in the face of prolonged infection control measures, a variety of changes occurred, including a shift to teleworking. In addition, the push toward decarbonization is accelerating, and natural disasters such as storms and floods are becoming more severe. To prevent risks from materializing as a result of these changes, or to minimize the impact or damage when they do materialize, each of these changes must be managed appropriately. Through a process of PDCA, appropriate changes will be made to the approach used thus far, and after the changes have been made their effectiveness will be evaluated and further changes made as necessary.
In tandem with the infectious disease measures, activities are being led by top management to prevent issues such as compliance breaches, environmental accidents, occupational accidents, and quality issues, to ensure success and achievement of goals in new business and projects.

Other RM Activities

Each site enacts measures against natural disasters, such as earthquakes, tsunamis, floods, soil liquefaction, landslides, and volcanic eruptions, in accordance with each site’s hazard level, working to reinforce buildings against earthquakes, maintain embankments, enhance drainage capabilities, add more water storage tanks, stockpile emergency rations, and maintain emergency supplies. In addition, each site engages in drills to prepare for earthquakes, fires, and environmental accidents, as well as terrorism, riots, and kidnappings at overseas locations. These drills are planned to deal with problems such as lack of experience handling materials and machinery, insufficient understanding of rules and procedures, and insufficient manuals, as well as to improve the decision-making abilities of members at countermeasures headquarters.
Measures for the COVID-19 pandemic included revision of the SMM business continuity plan (BCP), utilization of emergency supplies, measures to support expatriate employees and their families, limiting employee movement along with activities such as travel to and from work, business trips, postponing participation in meetings and events, working from home, and self-restraint in going out (staying at home). We implement drills to review the measures taken thus far and enhance our crisis response capacity through such means as improving manuals after verifying the content of each measure.

Information Security Measures

At the SMM Group, information technology is a key component of our management structure. Thus, we see the threat represented by cyber security risks as a management risk. In addition to the above risk management activities, we implement the following measures in line with the Cybersecurity Management Guidelines of the Ministry of Economy, Trade and Industry.

1. Defense against threats from cyberspace

Cybersecurity threats are becoming greater due to changes in the environment such as the increase in teleworking and use of cloud computing. We are working to move from conventional security measures to a framework that enables safe use of internal and external systems in any usage environment (Zero Trust network).

2. Preventing leaks of personal information

We prevent leaks of personal information by stipulating company regulations on protecting personal information and selecting a manager responsible for protecting personal information.

3. Preventing leaks of customer, third-party and company confidential information

Regarding the handling of digital files, leaks are prevented by strictly managing access to servers storing digital files, as well as by educating employees on information security. Also, particularly important information is protected by encryption.

Main envisaged risks:

  • Explosions and fires
  • Environmental pollution
  • Natural disasters
  • Legal violations
  • Quality failure
  • Occupational accidents
  • Terrorism / abduction
  • Pandemics
  • Supply chain disruptions
  • Information leaks
  • Damage from harmful rumors
  • Violation of intellectual property rights
  • Other risks include those originating from moral misconduct, such as fraudulent accounting, human rights issues, and malfeasance.