To ensure the continuity and ongoing progress of our businesses while also fulfilling our corporate social responsibilities, given the globalization of our businesses and rapidly changing economic conditions and the world's high expectations for corporate responsibility, it is important for companies to be committed to executing appropriate and efficient business processes for operating such organizations.
Therefore, to increase the trust of society, Shimadzu has established a risk management system, which encompasses corporate ethics and compliance, fosters a corporate culture that respects corporate ethics and compliance, and engages in activities for ensuring that business risks are properly managed
Risk Management System (including compliance with laws and the corporate code of ethics)
The President is the chief officer responsible for risk management. Below the president, a Risk Management and Corporate Ethics Board meets twice a year as a deliberative body to confirm and decide on policies for company-level risks that require prioritized measures (priority risks) and compliance risks. Those activities are coordinated by the director in charge of risk management and are primarily deployed by departments responsible for the respective risks and committees in charge of company-wide risk management issues, in a top-down manner to other respective departments and Group companies.
Risk Management Assessment Methods
Top-Down Risk Assessment
Once every two years, in Shimadzu, an assessment of company-wide risks is conducted and corresponding countermeasures are considered by the Top-Down Risk Assessment. The Risk Review Committee identified potential risks to the Shimadzu Group based on changes in the business environment that had occurred during the previous two years. Risks that require especially prioritized countermeasures were specified as priority risks (five items) and the specific directors and departments responsible for managing such risks were specified. The progress of risk reduction measures are verified by the Risk Management and Corporate Ethics Board.
Bottom-up Risk Assessment
Assuming that those working on the front lines are the most aware of risks, Shimadzu and Group companies in Japan and abroad have been implementing a risk management method called control self assessment (CSA) to prevent and control risks within the context of the plan-do-check-action (PDCA) cycle implemented as part of normal front-line business processes. With CSA, assessors self-assess pre-specified patterned risk factors in terms of impact level and incidence rate. Based on those assessment results, each department (or Group company) identifies major risks and then prepares and implements measures to control those risks. CSA results are used not only as a tool for activities in each department (or Group company), but also for corporate risk management. It is also important for risk management to objectively measure the importance of risks and implement countermeasures.
Risk Management Activities
The respective departments and various committees responsible for risks engage in activities to promote their respective specialized areas of risk management. The following describes some of those measures.
Managing Business Law Violation Risk (Legal Department/Official Approval Committee)
In some cases, production, sales, or other operation activities require obtaining legal or government approval through specific screening procedures. Referred to as permits and licenses, the Shimadzu Group currently has permits and licenses for about 90 laws and regulations, such as Japan's Pharmaceutical Affairs Law, Measurement Act, Aircraft Manufacturing Industry Act, and Construction Business Act. Such permits and licenses not only must be obtained appropriately, but also maintained in compliance with the applicable laws, such as by obtaining qualified personnel, satisfying permit/license requirements, and following the renewal process. Therefore, to ensure we understand and inspect the legal and regulatory compliance status of all Shimadzu Group companies, the Official Approval Committee meets periodically to review our compliance status. Also, any concerns identified regarding permits and licenses are promptly and appropriately addressed through cooperation between the applicable company, relevant departments, and the Official Approval Committee.
Managing Natural Disaster Risk
Shimadzu has established regulations and manuals that specify instructions for initial response to major earthquakes, storms, flooding, or other natural disasters that cause major damage to business operations, and implementing routine countermeasures for such disasters, such as disaster training and workplace safety measures. In addition, training and other measures are regularly implemented based on the content of those regulations and manuals.
Introducing a Security Confirmation System
A system for each employee to report their safety status using their mobile phone in the event of a large earthquake or other major disaster was introduced at the Head Office and Group companies in Japan, with training conducted periodically. By smoothly confirming the safety of employees, initial response can be provided more quickly and appropriately.
Conducting Disaster Training
At the Head Office, mass evacuation training assuming an earthquake is conducted periodically to firmly instill initial actions and increase awareness of risk management. In addition, periodic hands-on fire extinguishing training is conducted using simulated fire extinguishers and fire hydrants that actually discharge water. Desktop initial response training is also conducted for disaster response task forces.
Stocking Disaster Provisions
Food, blankets, temporary toilets, and other supplies for daily life are stocked at the Head Office. Disaster rescue supplies, such as pickaxes and hydraulic jacks, and supplies for supporting service locations, such as portable gas cans, are also stocked.
Business Continuity Plan / BCP
Shimadzu considers the occurrence of a major earthquake a major corporate risk. Therefore, we have established a business continuity plan for ensuring the safety of personnel, minimizing damage, recovering quickly, and fulfilling our responsibility to supply products to our customers.
In an emergency, a head office task force, headed by the President, to coordinate the Group companies and five subordinate divisional task forces, headed by respective division General Managers, to coordinate each division are established for leading business continuity and recovery measures.
Preparation of Recovery Plan
A business recovery plan is prepared for each division. A recovery plan is prepared separately for buildings, utilities, production lines, procurement, service, and other functions, to ensure a quick recovery of business operations.