Risk Management System
The UACJ Group Basic Policy on Risk Management presented below provides the foundation for the Group’s risk management activities on a daily basis and under risk conditions. The President serves as the Chief Risk Management Officer.
UACJ Group Basic Policy on Risk Management
- Matters that the UACJ Group considers risks
The matters that the UACJ Group considers risks refer to not only events that may directly lead to damage or loss, such as natural disasters, accidents related to operation, compliance violations, and sudden changes of the market environment, but also all events that will cause the UACJ Group’s corporate philosophy of contributing to society by using raw materials to manufacture products that enhance prosperity and sustainability, including opportunities for future revenue and growth, to be uncertain.
- The UACJ Group’s risk management and the purposes of that risk management
We, the board members and employees of the UACJ Group, will understand the activities stipulated below as risk management and engage in those activities with participation by all members for the purpose of causing the UACJ Group’s business to continuously grow and develop.
- (1) Risk management in normal times
Sensitivity to risks will be increased beginning in normal times, the details of the risks will be accurately ascertained (visualizing risks), and we will take the initiative to conduct management ourselves in order to keep the effects of risks within an acceptable scope (making risk management our own issue = ownership).
- (2) Risk management in an emergency
In the event that a risk has emerged, we will follow the order of priority below to make a judgment about what is correct as the UACJ Group and strive to quickly remedy the situation from our respective posts.
- (ⅰ) We will make securing personal safety the highest priority (the first priority is life and the second priority is health), irrespective of whether it is inside or outside the company, and we will strive to minimize damage.
- (ⅱ) We will continue to communicate with stakeholders and secure trust and peace of mind.
- (ⅲ) We will carry out social responsibilities through maintenance of the supply of products and services that bear a role for maintaining social functions.
- (1) Risk management in normal times
Risk Management System
The Group-wide risk management system includes a Management Meeting that deliberates the following topics and serves as an advisory body to the President. The council receives reports on the topics and makes decisions on applying risk management while also confirming the implementation of the plan-do-check-action (PDCA) cycle method of ensuring continuous improvement of Group operations.
- Establishment and revision of policies and regulations related to risk management
- Assessments to identify material risks to the Group
- Selection of risks to be prioritized by the Group and appointment of “risk owner” responsible for the risk response
- Annual planning of Group risk management development
- Confirmation of progress with Group of risk management
The Group risk management system includes a Corporate officer in charge of risk management and a dedicated Secretariat for Risk Management (Risk Management Department) as well as a risk management promotion officers at each business and functional division. The Secretariat for Risk Management coordinates with all businesses and functional divisions to promote risk management throughout the Group.
The Board of Directors receives regular reports on activities related to Group risk management
Responding to Group risk priorities
The risk owners play the lead role promoting countermeasures for the priority risks that affect the entire group.
Additional efforts to continue enhancing the Group’s risk management are led by the Management Meeting, which has created the Risk Management Promotion Meeting comprised of risk owners, the president and vice president, and other members, and special meetings for in-depth discussion of topics related to the Group priority risks and potential new risks emerging from changing conditions.
Fortifying Risk Management
We define risk as “any event that could hinder the fulfilment of our corporate philosophy,” which includes not only events that could directly cause loss or damage, but that could also affect opportunities for future earnings and growth. Ideally, risk management is performed by all employees, not just the officers and executives. This means that every day, everyone is aware of risk issues, proactively identifies and shares risk, and actively participates in risk management. We are working to establish this ideal throughout the Group.
To better enable our risk management system to respond to the rapid changes in the business environment, we have revised the system to include more frequent discussion of risk issues at the Management Meeting and apply the PDCA cycle to improve our ability to respond in a timely and appropriate manner.
We also convene the Risk Management Promotion Meeting when needed to allow the relevant officers to engage in more detailed discussions about key risks. The Management Meeting also allow greater time to discussion of risk.
Roadmap of risk management activities
- Risk management and Group risk management activities
- Business continuity management (BCP) activities
|By Fiscal 2030||
Fulfill UACJ VISION 2030
All employees engaged in risk management
Risk Identification and Management Process
Each year, we carry out the following procedure to identify the priority risks to the Group and determine the direction that risk management activities will take for the fiscal year.
- Questionnaire-based assessments of general managers, major group companies, and their executives are conducted to identify key risks that the group should be aware of.
- Based on the above proposals, key risks are discussed by executive officers discuss, and risks to be addressed as a Group are identified at the Management Meeting.
- Among the selected key risks, those that are difficult to deal with in each existing business and division are classified as S Risks. An executive officer is then assigned as “risk owner” to be in charge of the Groupwide response to the risk.
- Key risks to the Group are reflected in the President’s Policy Statement based on the management strategy. Each business and division also prepares an annual policy statement of risks requiring recognition and response and addresses the risks.
Based on several perspectives, including who the risk owner will be, the identified risks are classified into three categories of S, A, and B, with response procedures laid out for each category (below).
This process facilitates the smooth integration of risk management into our management strategies.
Daily Risk Management
The Group implements the basic policy on risk and its approach to risk management in Japan and overseas in accordance with the UACJ Group Basic Policy on Risk Management, the UACJ Group Risk Management Regulations, the UACJ Group Crisis Management Guidelines, and the UAC Group BCM Guidelines.
Along with these top-down initiatives, also assigning a risk management promotion manager in each department to be in charge of promoting risk management along with the responsible official. The promotion managers will implement measures to raise risk awareness and sensitivity among within their department and be in charge of risk countermeasures. The risk management promotion managers will convene quarterly to share examples of internal and external initiatives and issues faced by the Group.
BCM (Business Continuity Management)
Business continuity management is a key materiality issue in the Group’s risk management, and we are establishing UACJ Group BCM Guidelines to provide unified principles for the Group. In fiscal 2021, the Chief Executive of the Corporate Strategy Division led initiatives to complete BCPs for a major earthquake and disease epidemic in Japan. Business continuity management at our Group companies overseas includes preparing BCPs catering to specific regional risks.
UACJ Group business continuity management drills
The UACJ Group began conducting Groupwide business continuity management drills in fiscal 2021. The first drill focused on a scenario of a major earthquake, and subsequent annual drills will deal with various emergency situations. (The Business Continuity Advancement Organization (BCAO) presented UACJ with the Excellent Practices Award for the company’s efforts in fiscal 2021.)
The drills were invaluable for identifying potential issues in our response to emergency situations, and we taking particular steps to enable multiple channels for communication during an event.
Strengthening Information Security
The UACJ Group has designated strengthening information security as a top risk management priority and enforces a Group Information Security Policy. In addition, the Information Technology Department and Internal Auditing Department collaborate in checking the information security systems of each Group company once a year.
Group Information Security Policy
Based on the UACJ Group philosophy and the “UACJ Way”, a set of basic guidelines, UACJ Corporation and its subsidiaries (hereinafter referred to as "UACJ Group") manage and practice information security in order to protect the information assets entrusted by customers and business partners, and the information assets owned by UACJ Group from the threats such as incident, disaster and crime, and to respond to the trust of society.
Scope of Application
This policy applies to officers and employees of UACJ Group.
Under the leadership of management, UACJ Group establishes an organization for information security, and defines information security measures as formal internal rules to improve and maintain the governance.
- Compliance with Laws and Contractual Requirements
Each company in UACJ Group complies with laws, regulations, codes, and contractual obligations that apply to its own company related to information security. In the event of incidents, UACJ Group takes appropriate actions to prevent a recurrence.
- Education for Officers and Employees
UACJ Group conducts education and training so that officers and employees can learn the knowledge and skills necessary for information security.
- Continuous Improvement
UACJ Group regularly evaluates the actions related to information security, and reviews them as necessary to promote continuous improvement.