Basic ideas and policies
We will contribute to the sustainable growth and development of our Group and society by instilling a high sense of ethics in each and every one of our employees and ensuring they engage in risk management with an eye to the future. By repeating a cycle of examining the direction and appropriateness of risk countermeasures and verifying their effectiveness – to include conducting company-wide risk assessments and pursuing business continuity management – we will clarify risks and their impact on business management and tie them to management decisions that achieve an optimal allocation of resources.
Risk management promotion system
Risk management system
Resonac has put in place an ISO31000-compliant risk management system and organized a Risk Management Committee chaired by the CEO that allows top management to deliberate across organizations on the risk management system, the Group's major risks, and measures to address them. Matters deliberated on by the Risk Management Committee are discussed and approved by the Executive Committee and then reported to the Board of Directors, which evaluates the appropriateness and effectiveness of the risk management system and supervises its implementation.
In addition, risk owners, risk officers, and risk managers have been assigned at each business unit, plant and major Group company in Japan to assume responsibility for identifying and assessing risks for each business/worksite and to promote countermeasures that address those risks. In addition, the various CXO organizations that constitute corporate divisions at the Head Office are responsible for overseeing the control of risks under their authority as risk control organizations setting company-wide risk control standards, and reviewing and supporting risk assessment and response measures by risk assessment organizations from a Group-wide, cross-sectional perspective. In this way, the Company is able to ensure a system is in place in which management and frontline personnel work together in pursuit of integrated risk management.
Crisis management system
In the event of a disaster, compliance violation, or other incident in which risk becomes apparent, the relevant business unit or office reports to the CXO organization responsible for that risk and the CRO, and the CXO and CXO work together in responding to the incident. Should the incident be capable of threatening the Group’s existence or developing into a situation that could seriously impede the Group's normal business operations, a Crisis Response Headquarters headed by the CEO will be established to assess the situation and its impact, issue instructions on containing the damage/loss, consider how to disseminate information to the public, and promptly take other appropriate initial actions.
If a significant impact on business continuity is anticipated after the initial response, we will activate the BCP (Business Continuity Plan) for products that have been previously defined as subject to maintenance in order to maintain and quickly restore business activities to fulfill our responsibility to continue supplying customers with products, especially those necessary for maintaining social infrastructure.
Risk management system diagram
The following KPIs are being pursued as material issue KPIs.
Progress made in achieving material issue measures and KPIs
1. Advanced risk assessments
(1) Risk assessment practices
Risks with both a very high frequency of occurrence and a substantial impact were positioned as critical risks, and risk events and response plans were reviewed and shared by divisions and the Risk Management Department as well as being reported to the Risk Management Committee. The 2022 risk assessment identified accidents and disasters, legal and regulatory compliance, personnel and labor issues, information security, supply chains, and the external environment (including changes in market trends) as critical risks. The results of the risk assessment have been shared on the system with managers and higher-ranking officials throughout the company to reduce risks onsite.
Specific examples of key risks and measures to address them
- ※ Click here for "Business and other risks " disclosed in the Annual Securities Report
(2) Continuous improvement of risk assessment process
After centralizing risk information and unifying the risk assessment process through the risk management system introduced in 2021, we added a "CXO organization review process" in 2022. CXO organizations as risk control organizations introduced a process to review countermeasures, consider the need for support, and monitor the operational status of risks identified by business units and plants as a second line of defense.
To further improve the process, we plan to add a “control implementation evaluation process" and a "monitoring process" for risk response planning and mitigation measures. We will continue improving the risk assessment process by expanding the process to examine the direction and appropriateness of risk countermeasures and verify their effectiveness.
2. Promotion of BCM
(1) Establish BCM/BCP guidelines
The importance of BCM for companies is increasing every year due to such factors as the strong likelihood of a Nankai Trough earthquake within the next 30 years, the occurrence of earthquakes directly under the Tokyo metropolitan area, global epidemics of emerging infectious diseases, and increasingly sophisticated and complex cyber-attacks.
We have therefore formulated BCM/BCP guidelines with the aim of revamping the BCP system, which previously comprised plans drafted independently by individual business units and plants, to standardize and raise the level of BCP throughout the company. We have changed our approach from the conventional scenario-based BCP for individual disasters such as earthquakes to one that sets recovery targets (target recovery time, target recovery level) based on the business requirements of stakeholders and others by creating a BCP based on the consequent damage to management resources.
In addition, we will review the system for implementing BCP simulation drills, which have been conducted independently at workplaces, and the Risk Management Department will establish guidelines and a system to support simulation drills by 2025.
We aim to improve the effectiveness and high-level standardization of business impact analysis (BIA) and BCP by deepening employees' understanding of the BCP, while implementing the PDCA cycle through periodic reviews of BIA and the BCP and verifying their effectiveness through BCP simulation drills.
(2) Selection of BCP products subject to maintenance and BCP maintenance plan
We have selected from among all our Group’s products and services those to which management resources are to be preferentially allocated even in the face of obstacles to business continuity from the perspective of social infrastructure products, etc.
The BCPs for these products subject to maintenance will be reviewed in full、 based on the BCM/BCP guidelines and should be revamped by the end of 2024.
3. Responds to risks from changes in the external environment
Today’s external global environment is becoming increasingly complex and uncertain, with rising geopolitical risks, changes in the economic security environment, planetary-scale environmental issues such as climate change, and rapid advances in technological innovation. We recognize that conventional risk assessment methods are limited in their ability to extract risks with an awareness of these megatrends and dynamic changes in the external environment. We will therefore examine the possibility of introducing a system to respond quickly and flexibly to future changes in the external environment by identifying external environmental changes from among a wide range of megatrends to which the Group should be attentive, sorting out the possible risks and their impacts, and preparing response plans.
The risk events and countermeasures extracted in this way will be centrally identified and visualized and a process then established to monitor them on a regular basis, with the aim of establishing a system to manage them together with risk information extracted through conventional risk assessments.