Risk Management and Internal Controls

As corporations deal with constantly-changing business conditions, they also face increasingly diverse, complex risks.
KDDI defines risks as those factors and phenomena that influence the achievement of management objectives. We recognize that strengthening risk management is an important management issue. To ensure the continuation of business and fulfill our responsibilities to society, we promote risk management activities across the Group as a whole.

KDDI's Risk Management and Internal Control Systems

KDDI has established a system to centralize the management of risks, which it defines as factors that have the potential to block the achievement of management objectives. The Corporate Risk Management Division, led by a general manager of the Corporate Risk Management Division, is the core of this system.
To realize sustainable growth across the entire Group, KDDI and its Group companies, including subsidiaries and other affiliates, operate and maintain a Groupwide internal control system, and engage in risk management activities. We also aim to promote operational quality enhancement activities to realize a corporate constitution that prevents risks from materializing.

Internal Control Systems

Risk Management Activity Cycle

KDDI recognizes that in order to prevent a corporate crisis from occurring, it is important to understand the signs of such crises and to put countermeasures in place before the situation worsens.
To that end, we have built a PDCA cycle for risk management activities. We have also put in place a structure for reducing risk and for dealing with risks appropriately when they are discovered.

Information Security Initiatives

Recent years have seen many incidents worldwide in which software virus infections caused by cyberattacks have led to leaks of important confidential information, something which has become a major social issue. The KDDI Group considers the personal information it retains for its customers and the business information it retains for its business partners to be extremely important assets that need to be managed with the strictest care.
As a company responsible for providing safe, reliable communications services, KDDI recognizes that the appropriate management of information and the protection of personal information are important management issues. Basic guidelines for ensuring information security are set out in our Security Policy, while guidelines for conduct to ensure the protection of personal information are set forth in our Privacy Policy. These policies are disclosed both internally and outside the Company, and KDDI has declared that it will work to ensure the trust of its customers and other related parties, and that all of its employees are to comply with these policies.
We also will strive to enlighten our employees on the importance information security and to enhance security measures, as we work to ensure proper information management.

Information Security Management Framework

To ensure a unified approach to information security for information assets across the Group as a whole, KDDI has established an Information Security Committee chaired by the general manager of the Technology Sector. The committee comprises management, along with the heads of sales, technology, and corporate administrative divisions. This creates a structure that can accurately grasp the status of information security management and promptly implement measures to enhance information security at KDDI itself and throughout the Group.

Efforts to Reduce Information Security Risks

KDDI's efforts to reduce information security risk include preventing leaks of customer information and defending itself against cyber-terrorism. Management of all Company information assets starts with the formulation of policy by the Information Security Committee, which is then implemented through the concerted efforts of our officers and employees. The Information Security Committee is part of our corporate governance framework, which manages risk for the Company as a whole.
In the fiscal year ended March 31, 2017, we established an Information Security Incident Prevention Enhancement Month as a Companywide initiative with the goal of familiarizing employees with the need to comply with information security rules and ensuring their proper application. Through the implementation of this and other initiatives, we are working to enhance employee awareness.
To stand up against increasingly sophisticated, complex information security threats, KDDI also needs to collaborate with external parties. We are actively involved in cross-industry initiatives related to information security.

Print This Page
Change Text Size

E-mail Alerts

E-mail Alerts is a service that informs subscribers by E-mail of updates to the Investor Relations website, financial results, and other vital up-to-the-minute information.

Open link in a new windowRegistration

KDDI IR Official Twitter