The Maruha Nichiro Group engages in Enterprise Risk Management (ERM) with the purpose of improving corporate value and fulfilling the trust of stakeholders given that risk management is considered an important element of corporate management.
Role of Risk Management
The Group considers risk management activities to be a function for eliminating and mitigating factors that may hinder the execution of the Group's philosophy. We consider risk management, along with implementing management strategy, to form the “wheels of a car” for achieving business objectives. We are working to increase trust from stakeholders by implementing preventive countermeasures against inherent business risk, mitigating these risks, and proper information disclosure at the same time.
Risk Management Framework
ERM Framework
The Group has established a system which the Legal Affairs & Risk Management Department plays a central role, whereby the risk management supervisors and risk management staff of Maruha Nichiro Corporation Departments and each group company cooperate to carry out risk management operations.The Group has established a system which the Legal Affairs & Risk Management Department plays a central role, whereby the risk management supervisors and risk management staff of Maruha Nichiro Corporation Departments and each group company cooperate to carry out risk management operations.
The Legal Affairs & Risk Management Department prepares a risk matrix based on the evaluation and analysis of risks identified by each department of the Company and by each group company to sort and determine the priority of risks for the Maruha Nichiro Group. In this manner, the department routinely manages the various latest risks facing the Group's business activities and uses its findings to improve operations.
The Legal Affairs & Risk Management Department also plays a central role in the grou's crisis management in response to emergency situations. This includes preventing the spread of risks and crises before they
materialize as well as contingencies such as major accidents, incidents or large-scale disasters that could threaten the continuity of the Group.
Risk Assessment and the PDCA Cycle
The Maruha Nichiro Group regularly identifies risks that impact the Group, taking into consideration changes in the business environment. In turn, these risks are evaluated and analyzed according to level of impact, based on the impact actual risks and predicted risks have, and possibility of occurrence, which determines the frequency of risk materialization. The results are assessed comprehensively together with management vulnerabilities.
Serious risks determined to have a high priority after sorting are assigned countermeasures based on the nature of the risk, which are then approved by the Managing Executive Officers' Committee. On top of this, we have established a system whereby the Legal Affairs & Risk Management Department monitors the progress of countermeasures implemented by Maruha Nichiro Corporation Departments and each group company while providing assistance. In this manner, the organizational PDCA cycle is functioning effectively.
Main Expected Risk
| Risk item | Main relevant risk | Main initiatives |
|---|---|---|
| COVID-19 pandemic |
|
|
| Natural disasters and accidents, etc. |
|
|
| Information management |
|
|
| Compliance |
|
|
| Supply safe and secure foods |
|
|
| Practice Sustainable Procurement |
|
|
*Due to space limitations, only a few of these risks are introduced here. For details, see our securities report (Japanese).
Prompt and Reliable Communication of Risk Information
To ensure that important risk information is conveyed to top management promptly and reliably, multiple communication channels have been established. Risk information within the Group is not only reported to the President & CEO of Maruha Nichiro Corporation via the regular organizational route, but also flows from risk management staff appointed in Maruha Nichiro Corporation Departments and each group company directly to the relevant departments of the Company's Corporate Management Division and Legal Affairs & Risk Management Department.
The Legal Affairs & Risk Management Department actively promotes risk communication with each department and group company, along with education and training, in aiming to improve and maintain this structure. Through these activities, we strive to enhance risk awareness across the entire group and promote prompt response, and cultivate a corporate culture that never conceals information.
Flow of Risk Information
(As of Apr 1, 2023)
Business Continuity Plan (BCP) Formulation
Pandemic Response
We have developed the “Maruha Nichiro Group New Influenza Response Rules” and are ensuring thorough dissemination within the group.
We have also developed manuals that outline the establishment of an emergency response headquarters in the event of a novel influenza outbreak, and practical methods on infection prevention among employees and a Business Continuity Plan (BCP).
In addition, in response to the COVID-19 pandemic in 2020, we have established an emergency response
headquarters, compiled a manual on infection prevention, and disseminated circulars as appropriate to respond to various types of infections. The entire Group is taking preventive measures against the spread of infection including instructing all employees to take measures including handwashing, gargling, and wearing masks, in addition to working from home, staggered working hours, avoiding the 3Cs (close contact, confined spaces, and crowded places).
Major Earthquake Countermeasures
In preparation for major earthquakes, we have established the Maruha Nichiro Group Business Continuity Plan (BCP) Regulations, which we have made improvements to continuously. We are seeking improvement through regular drills and revision of the plan to achieve a more effective system as well as gradually implementing BCP at group companies.
Conducting Walking-home Drills
In preparation of disrupted transportation networks and systems in the event of a major earthquake in the Tokyo metropolitan area, we have put in place a structure and action plan to support and help employees return home safely. To enhance the effectiveness of these action plans, we regularly hold walking-home drills in the Tokyo metropolitan area. At the head office building of Maruha Nichiro Corporation, an ICT-based "Disaster Return Assistance Website" has been established to strengthen the system that allows people to return home safely in groups and the ability of individuals to communicate with the company. Through the website, we collect information on residential areas needed for forming groups to walk home while protecting personal information as well as provide grouping numbers in case employees must walk home in groups and support creating maps for walking home from the office.
Information Security
The Maruha Nichiro Group established "Information Security Management Regulations" to ensure convenience by utilizing our information assets, and to prevent information leakage, falsification, system failure due to computer virus, etc., comprehensively and systematically.
In order to put this basic policy into practice, we have established "Information Security Management Rules" and stipulate specific procedures and actions to be observed in order to take information security measures for information assets.
In addition, we are reviewing it as appropriate in line with changes in the social environment and the development of information technology, and we are working to promptly publish the latest version on the company intranet and make it known to all employees.
Measures to Prevent Information Leakage
Handling of confidential information, we have established the "Document Management Regulations" and manage it in accordance with the standards for storage and disposal of documents.
In addition, handling of personal information, we fully recognize the importance of protecting personal information in the advanced communication society, we have set up a "personal information protection policy" based on laws and regulations applicable to the protection of personal information.
In order to implement "Personal Information Protection Policy", Maruha Nichiro Group has formulated the "Personal Information Protection Handling Regulations", thoroughly disseminates it to employees and related parties through e-learning using the intranet, etc., and complies with it through internal audits.
Furthermore, we are making continuous improvements, such as reviewing these regulations in a timely and appropriate manner.
Activities for Cybersecurity
The Maruha Nichiro Group has established the Information Management Committee to appropriately manage information entrusted to us by our stakeholders. The Committee develops rules and regulations as well as implement PDCA activities information management, identify issues and consider countermeasures, and enhance the Group's overall information management systems.
As a technical measure to ensure cyber security, in addition to the installation of firewalls and anti-virus measures for e-mail and PCs, we use an external SOC service to detect and analyze cyberattacks 24 hours a day, 365 days a year.
As a personnel measure, we regularly conduct “information security learning” and “targeted e-mail training” to educate and train our employees, and strive to establish knowledge and raise awareness. In preparation for emergency situations, we conduct “Information Incident Response Training” in relevant departments to strengthen our ability to respond in case of emergency.
