Risk Management and Internal Controls
As corporations deal with constantly-changing business conditions, they also face increasingly diverse, complex risks. KDDI defines risks as those factors and phenomena that influence the achievement of management objectives. We recognize that strengthening risk management is an important management issue. To ensure the continuation of business and fulfill our responsibilities to society, we promote risk management activities across the Group as a whole.
We have established a system to centralize the management of risks, which we define as factors that have the potential to block the achievement of our business goals, with the Corporate Risk Management Division at the core.
Furthermore, we are working to promote risk management throughout the KDDI Group, including subsidiaries, in order to realize continuous growth of the entire group.
We have appointed 31 Internal Control System Managers within KDDI and 42 at group companies, as well as 7 Internal Control System Directors to oversee their activities. Under their leadership, we introduce and run internal control systems, carrying out risk management activities and run operational quality improvement activities to foster a company culture in which risks are less likely to arise.
KDDI recognizes that in order to prevent a corporate crisis from occurring, it is important to understand the signs of such crises and to put countermeasures in place before the situation worsens. To that end, we have built a PDCA cycle for risk management activities. We have also put in place a structure for managing risks to ensure they are dealt with rapidly and appropriately when they are discovered.
Recent years have seen many incidents worldwide in which software virus infections caused by cyberattacks have led to leaks of important confidential information, something which has become a major social issue. The KDDI Group considers the personal information it retains for its customers and the business information it retains for its business partners to be extremely important assets that need to be managed with the strictest care.
We also will strive to enlighten our employees on the importance information security and to enhance security measures, as we work to ensure proper information management.
To ensure a unified approach to information security for information assets across the Group as a whole, KDDI has established an Information Security Committee chaired by the general manager of the Technology Sector. The committee comprises management, along with the heads of sales, technology, and corporate administrative divisions. This creates a structure that can accurately grasp the status of information security management and promptly implement measures to enhance information security at KDDI itself and throughout the Group.
Our efforts to minimize information security risks include preventing customer information leaks and defending against cyberterrorism. The Information Security Committee leads the management of all company information assets and formulates measures for officers and employees to put them into practice all together. The committee is part of our corporate governance framework, which manages risks for the whole group.
In fiscal 2017, we established the Information Security Incident Prevention Enhancement Month as a group-wide initiative with the aim of spreading and fully implementing information security rules. During this campaign, various activities were conducted for officers and employees to raise awareness toward information security.
Furthermore, we have implemented common security standards for the entire group and apply them to all group companies to manage all our information assets and strengthen the various measures that are in place to control specific information assets. To minimize security risks, persons in charge of information security promotion from KDDI and group companies hold regular meetings to share information and discuss security measures.
To tackle increasingly sophisticated, complex information security threats, we also need to collaborate with external parties. We are actively involved in cross-industry initiatives related to information security.
<Organizations We Join>
- ICT-ISAC Japan
- Forum of Incident Response and Security Teams (FIRST)
- Nippon CSIRT Association
- Management Policy
- Corporate Governance
- IR Documents
- Financial Data
- Stock & Ratings
- IR News
- IR Calendar