The Maruha Nichiro Group engages in Enterprise Risk Management (ERM) with the purpose of improving corporate value and fulfilling the trust of stakeholders given that risk management is considered an important element of corporate management.
Role of Risk Management
The Group considers risk management activities to be a function for eliminating and mitigating factors that may hinder the execution of the Group's philosophy. We consider risk management, along with implementing management strategy, to form the “wheels of a car” for achieving business objectives. We are working to increase trust from stakeholders by implementing preventive countermeasures against inherent business risk, mitigating these risks, and proper information disclosure at the same time.
Risk Management Framework
Management Structure Centered around the Legal Affairs & Risk Management Department
The Group has established a system which the Legal Affairs & Risk Management Department plays a central role, whereby the risk management supervisors and risk management staff of Maruha Nichiro Corporation Departments and each group company cooperate to carry out risk management operations.The Group has established a system which the Legal Affairs & Risk Management Department plays a central role, whereby the risk management supervisors and risk management staff of Maruha Nichiro Corporation Departments and each group company cooperate to carry out risk management operations.
The Legal Affairs & Risk Management Department prepares a risk matrix based on the evaluation and analysis of risks identified by each department of the Company and by each group company to sort and determine the priority of risks for the Maruha Nichiro Group. In this manner, the department routinely manages the various latest risks facing the Group's business activities and uses its findings to improve operations.
The Legal Affairs & Risk Management Department also plays a central role in the grou's crisis management in response to emergency situations. This includes preventing the spread of risks and crises before they
materialize as well as contingencies such as major accidents, incidents or large-scale disasters that could threaten the continuity of the Group.
PDCA Cycle Practice based on Risk Assessment
The Maruha Nichiro Group regularly identifies risks that impact the Group, taking into consideration changes in the business environment. In turn, these risks are evaluated and analyzed according to level of impact, based on the impact actual risks and predicted risks have, and possibility of occurrence, which determines the frequency of risk materialization. The results are assessed comprehensively together with management vulnerabilities.
Serious risks determined to have a high priority after sorting are assigned countermeasures based on the nature of the risk, which are then approved by the Managing Executive Officers' Committee. On top of this, we have established a system whereby the Legal Affairs & Risk Management Department monitors the progress of countermeasures implemented by Maruha Nichiro Corporation Departments and each group company while providing assistance. In this manner, the organizational PDCA cycle is functioning effectively.
Main Expected Risk
| Risk item | Main relevant risk | Main initiatives |
|---|---|---|
| Spread of new types of infectious diseases |
|
|
| Natural disasters and accidents, etc. |
|
|
| Information management |
|
|
| Compliance |
|
|
| Supply safe and secure foods |
|
|
| Practice Sustainable Procurement |
|
|
*Due to space limitations, only a few of these risks are introduced here. For details, see our securities report (Japanese).
Prompt and Reliable Communication of Risk Information
To ensure that important risk information is conveyed to top management promptly and reliably, multiple communication channels have been established. Risk information within the Group is not only reported to the President & CEO of Maruha Nichiro Corporation via the regular organizational route, but also flows from risk management staff appointed in Maruha Nichiro Corporation Departments and each group company directly to the relevant departments of the Company's Corporate Management Division and Legal Affairs & Risk Management Department.
The Legal Affairs & Risk Management Department actively promotes risk communication with each department and group company, along with education and training, in aiming to improve and maintain this structure. Through these activities, we strive to enhance risk awareness across the entire group and promote prompt response, and cultivate a corporate culture that never conceals information.
Flow of Risk Information
(As of Apr 1, 2024)
Business Continuity Plan (BCP) Formulation
Pandemic Response
In the event of an outbreak or spread of a new type of infectious disease, we will take measures to minimize employee infection by establishing an emergency response headquarters, establishing an infection prevention and countermeasures manual, and disseminating and sharing notices of various responses throughout the Group as appropriate.
In response to the COVID-19 pandemic in 2020, under the direction of the headquarters, we implemented basic infection prevention measures and flexible working arrangements to minimize the impact on our business operations while preventing employee infection.
Promotion of BCP to Group Companies, Including Large-Scale Earthquake Preparedness
In preparation for major earthquakes, we have established the Maruha Nichiro Group Business Continuity Plan (BCP) Regulations, which we have made improvements to continuously. We are seeking improvement through regular drills and revision of the plan to achieve a more effective system as well as gradually implementing BCP at group companies.
Information Management System
The Maruha Nichiro Group has established the Information Management Committee, chaired by the Director in charge, to ensure that information entrusted to us by our stakeholders, whether in paper or data form, is properly managed. In addition to establishing regulations for Maruha Nichiro and Group companies, the committee conducts PDCA activities related to information management, identifies issues, and examines countermeasures to strengthen and establish an information management system for the entire Group. The committee's secretariat which consists of the Legal Affairs & Risk Management Department, the General Affairs Department, and the Digital Transformation Department, promotes information management activities together with the information management officers who are department heads or presidents of Group companies and appointed personnel.
Cyber Security Measures
To address the increasingly sophisticated and diverse cyber attacks, we have installed firewalls and anti-virus measures for e-mail and PCs, and we also use an external SOC service to detect and analyze cyber attacks 24 hours a day, 365 days a year. We have been working to implement Endpoint Detection and Response (EDR) to monitor the status of devices including computers and quickly detect and respond to suspicious activities. Furthermore, as a personnel measure, which is indispensable for security measures, we regularly conduct “information security learning” through e-learning and “targeted e-mail training” to educate and train all employees of the Group, and strive to establish knowledge and raise awareness. In addition, we conduct “Information Incident Response Training” every year at relevant departments in preparation for contingencies. This training simulates the occurrence of an incident related to information management that could have a serious impact on our business continuity, and involves the relevant departments in confirming policies and procedures to deal with any risks that may arise.
We will continue to strengthen our efforts in this regard so that all officers and employees will be prepared to respond in case of emergency.
Approach to Personal Information Protection
The Maruha Nichiro Group has established internal rules and regulations based on the “Personal Information Protection Policy” to ensure the protection and lawful and appropriate use of personal information across the entire Group.
As a specific measure, the Group conducts e-learning training for Group executives and employees to ensure the safe management of personal information. In addition, each Group company conducts periodic self-inspections and monitoring of personal information management, as well as confidential information management and information security. We are making efforts to ensure the protection of personal information by centrally managing personal information that needs to be stored on a dedicated file server established within the company.
We will continue to comply with laws, regulations, and various guidelines to protect personal information and use it legally and appropriately.
