Risk Management and Internal Controls

As corporations deal with constantly-changing business conditions, they also face increasingly diverse, complex risks. KDDI defines risks as those factors and phenomena that influence the achievement of management objectives. We recognize that strengthening risk management is an important management issue. To ensure the continuation of business and fulfill our responsibilities to society, we promote risk management activities across the Group as a whole.

KDDI's Risk Management and Internal Control Systems

We have established a system to centralize the management of risks, which we define as factors that have the potential to block the achievement of our business goals, with the Corporate Risk Management Division at the core.
Furthermore, we are working to promote risk management throughout the KDDI Group, including subsidiaries, in order to realize continuous growth of the entire group.
We have appointed 31 Internal Control System Managers within KDDI and 42 at group companies, as well as 7 Internal Control System Directors to oversee their activities. Under their leadership, we introduce and run internal control systems, carrying out risk management activities and run operational quality improvement activities to foster a company culture in which risks are less likely to arise.

KDDI Group Internal Control Framework

Risk Management Activity Cycle

KDDI recognizes that in order to prevent a corporate crisis from occurring, it is important to understand the signs of such crises and to put countermeasures in place before the situation worsens. To that end, we have built a PDCA cycle for risk management activities. We have also put in place a structure for managing risks to ensure they are dealt with rapidly and appropriately when they are discovered.

Information Security Initiatives

Recent years have seen many incidents worldwide in which software virus infections caused by cyberattacks have led to leaks of important confidential information, something which has become a major social issue. The KDDI Group considers the personal information it retains for its customers and the business information it retains for its business partners to be extremely important assets that need to be managed with the strictest care.
As a company responsible for providing safe, reliable communications services, KDDI recognizes that the appropriate management of information and the protection of personal information are important management issues. Basic guidelines for ensuring information security are set out in our Security Policy, while guidelines for conduct to ensure the protection of personal information are set forth in our Privacy Policy. These policies are disclosed both internally and outside the Company, and KDDI has declared that it will work to ensure the trust of its customers and other related parties, and that all of its employees are to comply with these policies.
We also will strive to enlighten our employees on the importance information security and to enhance security measures, as we work to ensure proper information management.

Information Security Management Framework

To ensure a unified approach to information security for information assets across the Group as a whole, KDDI has established an Information Security Committee chaired by the general manager of the Technology Sector. The committee comprises management, along with the heads of sales, technology, and corporate administrative divisions. This creates a structure that can accurately grasp the status of information security management and promptly implement measures to enhance information security at KDDI itself and throughout the Group.

Efforts to Reduce Information Security Risks

Our efforts to minimize information security risks include preventing customer information leaks and defending against cyberterrorism. The Information Security Committee leads the management of all company information assets and formulates measures for officers and employees to put them into practice all together. The committee is part of our corporate governance framework, which manages risks for the whole group.
In fiscal 2017, we established the Information Security Incident Prevention Enhancement Month as a group-wide initiative with the aim of spreading and fully implementing information security rules. During this campaign, various activities were conducted for officers and employees to raise awareness toward information security.
Furthermore, we have implemented common security standards for the entire group and apply them to all group companies to manage all our information assets and strengthen the various measures that are in place to control specific information assets. To minimize security risks, persons in charge of information security promotion from KDDI and group companies hold regular meetings to share information and discuss security measures.
To tackle increasingly sophisticated, complex information security threats, we also need to collaborate with external parties. We are actively involved in cross-industry initiatives related to information security.

<Organizations We Join>

  • ICT-ISAC Japan
  • Forum of Incident Response and Security Teams (FIRST)
  • Nippon CSIRT Association

E-mail Alerts

E-mail Alerts is a service that informs subscribers by E-mail of updates to the Investor Relations website, financial results, and other vital up-to-the-minute information.

Open link in a new windowRegistration

KDDI IR Official Twitter