Corporate Governance

Risk Management

Sustainability - Risk Management

Basic Approach

Policy 

Basic Approach

Businesses face conditions that change day to day: climate change, natural disasters growing in frequency and intensity, geopolitical risks coming to the surface, increasing digitalization, and diversifying values. Under these circumstances, we must identify the wide range of potential future risks in a timely manner and respond appropriately if we are to sustainably increase our corporate value.

The Meiden Group has created an ERM (Enterprise Risk Management) system designed to identify all types of major business risks to the Group as a whole so that management can discuss them and control them in an integrated manner.

In addition to everyday risk management, we also have an organization-wide BCM (Business Continuity Management) system for managing and responding to business continuity risks caused by accidents or disasters. Through this, we aim to be able to respond to constantly changing risks during both regular operation and emergencies.

Public Relations Section

Initiatives to Establish a Risk Management System

Risk Management Structure

The Meiden Group is building a risk management system using the following three-line model.

Risk Management Structure
[Explanation of terms]
First line In our business units (the first line), including plants and domestic and overseas subsidiaries, we have introduced Control Self-Assessment (CSA). With this tool, each unit identifies, assesses, and controls its own risks. To identify risks, units refer to a 120-item risk list to ensure their review is comprehensive. Each unit then evaluates the major risks it identified, focusing on scale of impact and likelihood of occurrence.
Second line The second line consists of staff business units with expertise in general affairs, legal affairs, human resources, and more. These units monitor and support the CSAs performed by the first line.
Third line The internal audit department (the third line) conducts regular audits to verify that the first line’s CSA cycle and second line’s support are functioning effectively. The status of internal audits is reported to the Executive Officers’ Meeting, the Board of Directors, and key Company management as needed.
Internal Control Promotion Division This unit is responsible for the framework in which management is involved in deliberations and decision-making on major company-wide risks. The division consolidates the risk information from the first line’s CSAs and risk information overseen by the second line and submits it to executive management after it is discussed by the Risk Management Committee.
Risk Management Committee Heads of staff business units serve on this committee, which meets twice a year to discuss major company-wide risks as aggregated by the Internal Control Promotion Division. The committee selects major company-wide risks, determines which departments have jurisdiction over them, and clarifies the responsibilities of those departments. The committee also discusses new major risks to strengthen risk control.
Internal Control Committees at Group companies These committees consist of directors of subsidiaries and meet twice a year to take reports on the status of each company’s CSA and share information on major risks for the Meiden Group as a whole. The committees also take part in risk discussions among subsidiaries to enrich the conversation.

The Risk Management Committee and the Group Company Internal Control Committee are chaired by the Meidensha Director & Senior Managing Executive Officer, who is in charge of all administrative divisions.

Operations of the Risk Management Committee

The Risk Management Committee is chaired by the Director & Senior Managing Executive Officer and consists of the heads of Headquarters staff business units. Twice a year, it deliberates on the important business risks of the Meiden Group as identified by the Internal Control Promotion Division, then selects major company-wide risks. The committee determines which units have jurisdiction over each risk and discusses policies for dealing with the risks. Management holds discussions on the business risks previously discussed by the Risk Management Committee and further debates them in meetings of the Executive Officers’ Meeting and Board of Directors to determine the important business risks of the Meiden Group and policies for dealing with them.

The Risk Management Committee is clearly independent from the Audit and Supervisory Committee.

Operations of the Risk Management Committee

Major Risks from Business Activities

The Meiden Group stipulates major business risks to the entire Meiden Group, including in relation to ESG, through regular discussion among managers according to systems such as those listed above. As a result of the above discussion among managers, risks that could have a serious impact on the decisions of investors are as follows.

Major Risks Facing the Group

Ranking Risk Risk assessment Comparison with previous year’s assessment
Impact Likelihood Speed of materialization Effectiveness of response Likelihood of harm to brand
1 Environmental regulations/climate change Large High Normal Effective High 平行
2 Inadequate procurement management Large High Somewhat fast Normal Somewhat high 平行
3 Insufficient internal information management Large Medium Extremely fast Effective High 上
4 Geopolitical risks Large Medium Extremely fast Normal Somewhat high 上
5 Inadequate labor management Large Medium Normal Normal High 下
6 Occurrence of industrial accident Large Medium Extremely fast Somewhat effective Somewhat high 下
7 Reduced quality Large High Fast Somewhat effective Normal 下
8 Inadequate cyber measures Large Medium Extremely fast Effective Somewhat high 上
9 Human rights violations Large Medium Normal Normal Somewhat high 上
10 Insufficient personnel Large High Somewhat slow Somewhat effective Normal 平行
11 Occurrence of a natural disaster Large Medium Extremely fast Effective Normal 下
12 Disguising quality or iniquitous inspection Large Low Fast Somewhat effective High 下
13 Breach of Construction Business Act Large Low Fast Somewhat effective High 上
14 Insufficient awareness or responsiveness to changes in market conditions Large High Normal Effective Normal 下
15 Breach of Antimonopoly Act or bribery Large Low Extremely fast Effective High 下
16 Losses due to fluctuations in exchange rates, interest rates, stock prices, and land prices Medium High Somewhat fast Somewhat effective Normal 上
17 Incomplete control of overseas subsidiaries Large Low Extremely fast Somewhat effective Somewhat high 平行
18 Insufficient or poor internal communication Medium High Somewhat slow Somewhat effective Normal 上
19 Incomplete control of Japanese subsidiaries Large Low Normal Somewhat effective Somewhat high 平行
20 Reduced ability to cater to customers Large Low Extremely fast Normal Normal 下

scrollable

  • Note: Risk assessment is an independent analysis of the various risks faced by the Group rather than a general risk assessment.
Public Relations Section

Crisis Management System

Initiatives

Risk Management Relating to Business Activities

Preliminary Risk Assessment

The Meiden Group’s preliminary risk assessment system, based on our Basic Policy on the Establishment of a System to Ensure the Appropriateness of Business Operations, is designed to provide information for management decision-making. In our system, we hold a preliminary risk assessment meeting to carefully consider matters that may have a significant impact on the Group. Projects subject to review are generally classified as large scale EPCs, M&A, partnerships, joint developments, new businesses, or other matters that require a resolution by the Executive officer’s meeting according to regulations.
In FY2022, we conducted preliminary risk assessments on nine cases. Including these, we have not yet identified any cases that have caused new losses. Preliminary risk assessment plays an important role in managing risk prior to the start of a project.

There are four key parts to preliminary risk assessment, as follows.

  1. (1)Identify and assess the high risk factors of EPC project such as risk of construction works and project profit and take necessary measures to the project.
  2. (2)Identify and assess contract risk such as commercial and technical conditions regard to tenders, partnerships etc., and enhance risk management to the relatives.
  3. (3) Analyze risk from multiple perspectives by third party experts and take measures to reduce risk.
  4. (4)Through discussions, encourage the unit proposing the action to provide information necessary for management decision-making, such as relevance to business strategy, appropriateness of risk estimates, and feasibility of various plans.

As mentioned above, in the preliminary risk assessment, we evaluate not only financial risks, but project risks, operation risks, etc. The Corporate Policy Planning Group and the Internal Control Promotion Division serve as the secretariat for assessments, and their supervising officers determine whether a meeting needs to be held. Other units involved include the General and Legal Affairs Division, the Accounting and Financing Group, and the Sales Planning & Administration Group.

During M&A, a third-party unit performs the due diligence. Besides doing a financial investigation of the target company, we also evaluate it from an ESG perspective to strengthen risk management. This includes the target’s corporate culture, legal compliance systems including human rights concerns, compliance with environmental regulations, labor conditions, occupational health and safety, and other factors.

Public Relations Section

Business Continuity Plan (BCP)

Policies, Plans, and Targets

Business Continuity Plan (BCP)

Basic BCP Policy

The Meiden Group Basic BCP Policy stipulates the Meiden Group’s basic policy on business continuity, business continuity targets, and response in the event of a disaster, etc., and is applied at each business unit and subsidiary.

  1. (1)In the event of a disaster, it is our utmost priority to ensure the safety of all employees, their family members, and customers.
  2. (2)We contribute to swift reconstruction and recovery from disasters, considering our corporate social responsibility as a company that supports social infrastructure.
  3. (3)Limit impact on customers and Meidensha’s businesses as much as possible.

Medium-term Management Plan 2024 Initiatives

We will promote the Medium-term Management Plan 2024, paying particular attention to the following items relating to disaster-prevention and BCP.

  • Ongoing BCP initiatives
    • Moving from an earthquake-based BCP to an “all-hazard” BCP that applies to a range of risks
    • Establishing a BCP and creating systems to maintain, evaluate, and confirm its effectiveness
    • Continuing education and training, and ensuring that each employee is involved with BCP initiatives
    • Extending the BCP to overseas subsidiaries, and creating a BCP with a global perspective
  • Improving corporate and organizational resilience
    • Encouraging independent promotion of BCPs by business units, and work to improve Disaster responsiveness by company organization
    • Considering alternative production sites for important operations
  • Contributing to society and communities
    • Contributing to disaster-resilient community development by supplying Meidensha’s BCP products and corporate BCP initiatives to communities and society
System

BCM Promotion System

BCM Promotion System

Under the BCM Committee, which determines the Meiden Group’s BCP policy and measures, the Meiden Group established the Corporate BCP Promotion Committee, BCP promotion committees for each business, BCP liaison committees at domestic subsidiaries, the Working Group to Consider Priority Businesses, and the Working Group to Handle and Protect Employees, and promotes BCP throughout the Group.

Initiatives 

Third Natural Disaster Response Headquarters Drill

In September 2022, we conducted a company-wide natural disaster response headquarters drill to verify the effectiveness of BCPs that had been created. In the hypothetical scenario used for the drill this time, the Numazu Plant was hit by a Nankai Trough earthquake centered on the east side of Suruga Bay on a Sunday night, with Numazu Works the first production site to be damaged. Since the disaster occurred on a non-working day and at night, the initial response was not to gather in one place, but rather to organize information on just a portal site that would be set up when the disaster happened. Subsequently, staff verified and confirmed events particular to a damaged production site, including trade-offs between customer response and plant restoration when several days had already passed since the disaster happened, based on damage information prepared in cooperation with Numazu Works.

We will revise BCPs in light of the various issues identified during the training.

Third Natural Disaster Response Headquarters Drill
Third Natural Disaster Response Headquarters Drill
訓練の様子(本社)
Scenes from the drill (Headquarters)
訓練の様子(沼津事業所)
Scenes from the drill (Numazu Works)

Disaster Response Drill at Numazu Works

In March 2023, we brought a mobile power supply vehicle to Numazu Works to prepare for power outages at the site. In conjunction with the introduction of the vehicle, we conducted a drill to verify the process of requesting the vehicle and dispatching it to the site in the event of a power outage, as well as the work to be performed at the site. For the drill, we did in fact cut power to a portion of the plant. Participants restored electricity by connecting to the mobile power supply vehicle. This allowed us to confirm how the work would actually be performed. On the day of the event, an outside company provided drone footage of the drill. We have also discussed the usefulness of drones in times of disaster.

The Meiden Group will improve on issues identified during the drill to help create better BCP measures.

A scene at the drill
A scene at the drill
Drone footage
Drone footage

Start of Works BCP Liaison Committee

To improve disaster prevention and BCP at each production site (works), we launched the Works BCP Liaison Committee in November 2022. In the event of a disaster, works must set up an area disaster response headquarters to deal with a wide range of issues such as responding to personnel in the area, gathering information from their factories and other units and subsidiaries, and managing stockpiles. However, each works had established its own methods of responding and there was no interaction with others. The new liaison committee organizes disaster prevention and BCP-related issues at each works and discusses solutions to each one. This has enhanced disaster prevention and BCP systems at each works.

This effort continues in FY2023 to strengthen the disaster response capabilities of each works.

Establishing BCPs at Overseas Subsidiaries

Meiden Group subsidiaries outside Japan have also begun establishing BCPs. Japanese and local staff work together to design the optimal BCP for each company. This effort is starting with the ASEAN region, India, and China. Subsidiaries in these regions aim to complete their BCP manuals by the end of FY2023. We are committed to advancing this initiative to ensure business continuity for the entire Meiden Group, including overseas subsidiaries.

Employee Education on Disaster Prevention and BCP

Disaster prevention and BCP training is included in the curriculum of personnel education for each level of employment and is provided continually. In FY2022, we gave training for new employees and mid-career hires. We have also visited regional offices in Japan to conduct extensive awareness-raising initiatives, including disaster prevention and BCP training for local employees and training for BCP staff of Group companies.

In addition, we created a training video to further spread the word about our disaster prevention and BCP efforts. The video will be released in FY2023 and we will work to ensure that all Group employees view it.

Employee BCP training video
Employee BCP training video
New-employee training (online)
New-employee training (online)
Public Relations Section

Strengthening Information Security Management

Policy

Strengthening Information Security Management

The Meiden Group understands that ensuring the security of the information we handle is a most critical issue. We therefore protect information assets from disasters, accidents, criminal acts, errors, and other threats. We also maintain and enhance information management to prevent leaks, tampering, theft, or loss.

Meidensha Basic Information Security Policy

  1. 1.Purpose and Scope of Information Security

    Meidensha (hereinafter the “Company”) is aware that ensuring security of information assets handled by the Company is a major management issue for the Company, and protects information assets from threats such as disasters, accidents, crime, negligence, and cyber risks.

    By establishing and maintaining information security management, we aim to prevent information security incidents such as leakage, falsification, or theft of information, build relationships of trust with a range of interested parties, including shareholders and customers, and improve corporate value of the Company.

    This basic policy applies to all personnel who handle information assets managed by the Company.

  2. 2.Legal Compliance, etc.

    The Company complies with obligations imposed by laws and agreements that relate to business activities.

    Everyone involved with business activities ensures thorough compliance with matters required by laws and regulations, obligations imposed by agreements, this policy, and internal management regulations relating to information security.

  3. 3.Establishment and Maintenance of Information Security

    The Company provides for information security management such as by nominating an Information Security Manager and an Information Security Business Unit Managers, and establishing an office, has established regulations and procedures, etc., based on the Basic Information Security Policy, and continuously maintains and improves information security.

System

Information Security Control System

Information Security Control System

Information Security Management

The Meiden Group conducts information security audits of Meidensha and subsidiaries, mainly through the Information Security Committee, and verifies and evaluates whether security measures are actually being implemented and function.

At present, some of Meidensha and its domestic subsidiaries have received Information Security Management System (ISMS) certification.

ISMS認証 (ISMS:情報セキュリティマネジメントシステム)
Initiatives

In fiscal 2022, we are continuing to implement initiatives to reinforce information security for the entire Meiden Group.

Analysis of Incidents and Countermeasures for Each Cause

The Meiden Group is working to implement sustainable security measures in the areas of “prediction,” “defense,” “detection,” and “response.”

We analyze and implement both hardware and software measures to protect data from unauthorized logins, etc., and virus infections from suspicious emails, such as targeted email attacks, as well as measures mainly aim at combatting human factors such as theft, loss, or mishandling of information devices. We introduced the Security Operation Center (SOC) in fiscal 2017, established a detection system that operates 24 hours per day, 365 days per year, and in fiscal 2019, we installed next-generation antivirus software on all computers, in order to enhance detection.

We established the Meiden Computer Security Incident Response Team (CSIRT) and joined the Nippon CSIRT Association in order to enhance response. In addition, we have begun strengthening information security measures for customers of our products and services so they can better respond to cyberattacks, which have become increasingly sophisticated in recent years. We are also establishing internal systems to speed up incident response.

Information Security Education and Training

All of the Meiden Group’s officers, employees, dispatch workers, and contract workers, etc., engage in information security education. In fiscal 2022, we conducted e-learning on information security threats based on case studies. The e-learning was attended by 90% of employees, plus materials were sent to those who were unable to attend online.

We continue to conduct suspicious email drills as education about cyber attacks such as targeted email attacks.

Going forward, we will continue to strengthen hardware and software measures and continue to conduct personnel measures, such as information security education and suspicious email drills. We will continue to roll out measures for information security on a group-wide basis.

Enhancement of Supply Chain Information Security

Since FY2017, we have continuously conducted activities to enhance our suppliers’ information security. We ensure that suppliers are aware of information security measures as management issues, and we hold training and information sessions as required.

We continue to support our business partners’ efforts to strengthen information security. We do so through four measures designed to prevent information security incidents: awareness raising, education, visitations, and information sharing.

  • Awareness raising: We have strengthened and encouraged our business partners’ voluntary enhancements of information security by utilizing the SECURITY ACTION program of the Information-technology Promotion Agency, Japan (from FY2021). We also recommend that our business partners acquire stars (logos) representing their level of efforts to address information security to make evaluation more visible.
  • Education: We provide group training at each works and share information on information security measures and risk case studies at production plan briefing sessions.
  • Visitations: We perform on-site diagnosis of information security risks during visits to business partners.
  • Information sharing: We publish an information security newsletter and provide educational content on the online Supplier Portal.

In this way, we are continuing to conduct activities to enhance information security throughout the entire supply chain.

Public Relations Section