KDDI's Risk Management and Internal Control Systems
KDDI has established a system to centralize the management of risks, which it defines as factors that have the potential to block the achievement of management objectives. The corporate risk management division is the core of this system.
To realize sustainable growth across the entire Group, KDDI and its Group companies, including subsidiaries and other affiliates, operate and maintain a Groupwide internal control system, and engage in risk management activities. We also promote operational quality enhancement activities to realize a corporate constitution that prevents risks from materializing.
In order to realize our management objectives with certainty, in the fiscal year ended March 31, 2016, we designated 32 items as significant risks, reflecting on issues that have come to the fore in the past and changes in our operating environment, such as the provision of high-quality networks, the increasing homogeneity of our products and services to those of our competitors, and new business domains. We worked to foresee risks and reduce significant risks and conducted internal audits as a risk approach.
Response to Internal Control Reporting System
To ensure trust in financial reporting, KDDI and the main Group companies in and outside of Japan have constructed an internal control system and conducted internal control system assessments as a response to the internal control reporting system applicable under the Financial Instruments and Exchange Act that has been in place since the fiscal year ended March 31, 2009. Assessment results are summarized in an internal control report, which was submitted to the prime minister in June 2016 and disclosed to investors.
Protection of Intellectual Property
KDDI has formulated the creation and protection of the company's intellectual properties and respect for others' intellectual properties as a basic principal under the KDDI Code of Business Conduct.
Furthermore, KDDI has also determined Intellectual Property Handling Regulations for the appropriate management and utilization of its commercial property rights, including inventions, ideas, designs, and trademarks, copyrights on software and other materials, and technological expertise and other rights protected under the Unfair Competition Prevention Act.
As of the end of March 2016, KDDI owns about 2,000 patents in Japan and about 250 overseas due to its research and development to accelerate communication speeds through such means as LTE and 5G, and for security technologies protecting personal information as part of efforts to deliver to customers faster, higher quality, safer and more secure communication services. Looking ahead, we will strengthen our intellectual property to increase competitiveness in Japan and overseas.
Strengthening Information Security
KDDI is reinforcing its information security to prevent any leakage of the information it retains for some 45.91 million au customers, as well as numerous other individual and corporate customers.
KDDI has established and administers an Information Security Committee composed of management-level employees, along with the heads of the sales, technology, and corporate administrative divisions. This committee is part of a structure that carefully recognizes the status of information security controls for the entire Company, and readily implements measures to enhance information security at KDDI itself and throughout the Group.
In April 2009, we acquired information security management system (ISMS) certification  (ISO/IEC 27001) for the entire Company. Since then, we have continued to implement measures to improve information security centered on the maintenance of these systems. In the fiscal year ended March 31, 2013, we formulated regulations for KDDI Group companies based on the KDDI Group Information Security Standards that we formulated in the fiscal year ended March 31, 2012. Since the fiscal year ended March 31, 2014, we have continued working to strengthen information security and governance at KDDI Group companies through the appropriate execution of Group company regulations and application of a plan-do-check-act (PDCA) cycle, as well as appropriately auditing its status.
This is a third-party certification system for information security systems. It was established with the goal of contributing to widespread improvements in information security and encouraging companies to target levels of information security that can be trusted around the world.