The SMM Group engages in risk management (RM) under the following Six Principles established for Maximizing Corporate Value.
- Compliance is the foundation
- The organizational leader confronting the risk is the responsible party
- Awareness of risk must be shared among all parties involved
- Adopt an RM approach in daily work
- Recognize that risks can materialize
- Coordinate risk responses with other management systems
Risk Management Framework
The president, as the person with ultimate responsibility for risk management at the SMM Group, formulates RM policy as a part of his fiscal year policy. Based on this policy, each business site formulates a fiscal year RM action plan and conducts RM activities. These activities are checked and reviewed by RM internal audits and RM patrols. For major risks that would cause serious damage if they materialize and require action across the entire SMM Group (SMM Group-Wide Serious Risks), a group-wide Crisis Management Framework has been built to appropriately respond to the damage and impact of these risks. Through repeated training we are enhancing our ability to respond to such situations. These activities are in place as the SMM Group RM system (RMS).
Individual Risks and Daily RM Activities
Daily RM activities at each site, carried out as part of usual work tasks, involve identifying and assessing individual potential risks according to changes in circumstances and taking the appropriate action. These activities identify the risks, shown on the left, at each site, resulting in more than 1,400 individual risks currently registered in the RM system. On a daily basis, as a means of reducing risk, when there are changes to the environment and conditions that serve as prerequisites for identified risks, such as business environments, work environments, people, equipment, work procedures, and quality standards, these registered risks are reviewed and updated, or new risks are added. A periodic risk review is also undertaken during the RM Promotion Campaign every September.
The FY2020 RM Policy and Activities
The FY2020 RM policy is the same as that prescribed in FY2019, “Identify and address risks that hinder executing the business plan and reaching its goals as usual work.” Meanwhile, the key RM activities are prescribed as “The business plan and risk countermeasures will be revised as appropriate using a PDCA cycle taking into consideration changes impacting execution of the business plan and the achievement status of business plan goals.” In FY2020, a particular risk hindering achievement of business plan goals is the risk from COVID-19 that has spread globally since its outbreak in Wuhan, China at the end of 2019. As infectious disease measures become protracted, various changes can be expected. To prevent risks from materializing as a result of these changes, or to minimize the impact or damage when they do materialize, each of these changes must be managed appropriately. Through a process of PDCA, appropriate changes will be made to the approach used thus far, and after the changes have been made their effectiveness will be evaluated and further changes made as necessary.
In tandem with the infectious disease measures, activities are being led by top management to prevent issues such as compliance breaches, environmental accidents, occupational accidents, and quality issues, to ensure success and achievement of goals in new business and projects.
Other RM Activities
Each site enacts measures against natural disasters, such as earthquakes, tsunamis, floods, soil liquefaction, landslides, and volcanic eruptions, in accordance with each site’s hazard level, working to reinforce buildings against earthquakes, maintain embankments, enhance drainage capabilities, add more water storage tanks, stockpile emergency rations, and maintain emergency supplies. In addition, each site engages in drills to prepare for earthquakes, fires, and environmental accidents, as well as terrorism, riots, and kidnappings at overseas locations. These drills are planned to deal with problems such as lack of experience handling materials and machinery, insufficient understanding of rules and procedures, and insufficient manuals, as well as to improve the decision-making abilities of members at countermeasures headquarters.
Measures for the COVID-19 pandemic included revision of the SMM business continuity plan (BCP), utilization of emergency supplies, measures to support expatriate employees and their families, limiting employee movement along with activities such as travel to and from work, business trips, postponing participation in meetings and events, working from home, and self-restraint in going out (staying at home). We will improve our risk management capacity by means such as improving the manual and verifying the content of each measure, for example through drills.
Information Security Measures
At the SMM Group, information technology is a key component of our management structure. Thus, we see the threat represented by cyber security risks as a management risk. In addition to the above risk management activities, we implement the following measures in line with the Cybersecurity Management Guidelines of the Ministry of Economy, Trade and Industry.
1. Defense against threats from cyberspace
We prevent external attacks on the SMM Group such as computer viruses, cyberattacks and malware by limiting the number of internet connections and taking multi-layered security measures.
2. Preventing leaks of personal information
We prevent leaks of personal information by stipulating company regulations on protecting personal information and selecting a manager responsible for protecting personal information.
3. Preventing leaks of customer, third-party and company confidential information
Regarding the handling of digital files, leaks are prevented by strictly managing access to servers storing digital files, as well as by educating employees on information security. Also, particularly important information is protected by encryption.
Main envisaged risks:
- Explosions and fires
- Environmental pollution
- Natural disasters
- Legal violations
- Quality failure
- Occupational accidents
- Terrorism / abduction
- Supply chain disruptions
- Information leaks
- Damage from harmful rumors
- Violation of intellectual property rights
- Other risks include those originating from moral misconduct, such as fraudulent accounting, human rights issues, and malfeasance.