Risk Management and Internal Controls

As corporations deal with constantly-changing business conditions, they also face increasingly diverse, complex risks. KDDI defines risks as those factors and phenomena that influence the achievement of management objectives. We recognize that strengthening risk management is an important management issue. To ensure the continuation of business and fulfill our responsibilities to society, we promote risk management activities across the Group as a whole.

KDDI's Risk Management and Internal Control Systems

We have established a system to centralize the management of risks, which we define as factors that have the potential to block the achievement of our business goals, with the Corporate Risk Management Division at the core.
Furthermore, we are working to promote risk management throughout the KDDI Group, including subsidiaries, in order to realize continuous growth of the entire Group.
We have appointed 28 Internal Control System Managers within KDDI and 45 at Group companies, as well as 5 Internal Control System Directors to oversee their activities.
Under their leadership, we introduce and run internal control systems, carrying out risk management activities, and run operational quality improvement activities to foster a company culture in which risks are less likely to arise.

Personnel in Charge of Internal Control

Risk Management Activity Cycle

KDDI recognizes that in order to prevent a corporate crisis from occurring, it is important to understand the signs of such crises and to put countermeasures in place before the situation worsens. To that end, we have built a PDCA cycle for risk management activities. We have also put in place a structure for managing risks to ensure they are dealt with rapidly and appropriately when they are discovered.

Risk Identifying Process

We regularly examine information about risks to identify significant risks that seriously influence corporate business, and discuss measures to reduce such risks and their impacts as much as possible in case we face them. In order to ensure the achievement of our business goals, in the fiscal year ended March 31, 2021, we selected 29 significant risks based on issues that manifested in the past and changes in the business environment, and held internal audits based around risk prediction, reduction of significant risks, as well as risk approach. The selected significant risks include cyberattacks, which are becoming increasingly complex, global businesses and issues relating to new business fields we are entering such as e-commerce, finance and settlement, and energy, which aim to make the integration of telecommunications and life design a reality. We have also identified risks arising from the expansion of the Group through M&A as significant risks and have implemented more robust measures against them.
In order to minimize information security risks, we have also established a common standard applicable group-wide to improve the level of information security across the Group including newly joined Group companies.
The status of these significant risks is also reflected on business risks that are revealed in the Securities Report [1] since it relates to finance as well.

  • [1]
    Japanese only

E-mail Alerts

E-mail Alerts is a service that informs subscribers by E-mail of updates to the Investor Relations website, financial results, and other vital up-to-the-minute information.

Open link in a new windowRegistration

KDDI IR Official Twitter