KDDI's Risk Management and Internal Control Systems
KDDI has established a system to centralize the management of risks, which it defines as factors that have the potential to block the achievement of management objectives. The Corporate Risk Management Division is the core of this system.
To ensure the sustainable growth of the entire Group, we are promoting risk management initiatives that encompass risk management Groupwide, including KDDI and its subsidiaries.
KDDI and its Group companies have respectively appointed 31 and 29 Internal Control System Managers, as well as eight Internal Control System Directors, to oversee their activities. This structure forms the basis for our internal control system and its operation, as well as risk management activities. We also promote operational quality enhancement activities to realize a corporate constitution that prevents risks from materializing.
In order to realize our management objectives with certainty, in FY2014 we designated 32 items as significant risks, reflecting on issues that have come to the fore in the past and changes in our operating environment, such as the provision of high-quality networks, the increasing similarity of our products and services to those of our competitors, and new business domains. We worked to foresee risks, reduce significant risks, support operational improvements, and conduct internal audits.
Furthermore, we are undertaking Companywide initiatives to improve the quality of our operations, thereby cultivating a corporate culture that prevents risks from materializing.
Strengthening Information Security
KDDI is reinforcing its information security to prevent any leakage of the information it retains for some 43.48 million au customers, as well as numerous other individual and corporate customers.
KDDI has established and administers an Information Security Committee composed of management-level employees, along with the heads of the sales, technology, and corporate administrative divisions. This committee is part of a structure that carefully recognizes the status of information security controls for the entire Company, and readily implements measures to enhance information security at KDDI itself and throughout the Group.
In April 2009, we acquired information security management system (ISMS) certification  (ISO/IEC 27001) for the entire Company. Since then, we have continued to implement measures to improve information security centered on the maintenance of these systems. In FY2012, we formulated regulations for KDDI Group companies based on the KDDI Group Information Security Standards that we formulated in FY2011.
Since FY2013, we have continued working to strengthen information security and governance at KDDI Group companies through the appropriate execution of Group company regulations and application of a plan-do-check-act (PDCA) cycle, as well as appropriately auditing its status.
This is a third-party certification system for information security systems. It was established with the goal of contributing to widespread improvements in information security and encouraging companies to target levels of information security that can be trusted around the world.
Includes corporate, technology and sales, and customer support divisions, as well as KDDI KYOSAIKAI (now, KDDI Group Welfare Association), KDDI Health Insurance Union, KDDI Pension Fund, KDDI Research Institute, Inc., and KDDI MATOMETE OFFICE CORPORATION
Includes Japan Telecommunication Engineering Service Co., Ltd.