Priority Risk Assessment and Selection
We assess potential risks due to changes in the internal or external management environment along two axes, "degree of impact on management" and "degree of management control," and select the risks to be addressed on that basis. We monitor risks from both internal and external aspects, assess the severity of risks in response to changing conditions in a timely fashion, and strive to face risks in an agile manner.
Main Company-wide Risks
We endeavor to mitigate risks over which management control is insufficient despite having a significant effect on management through companywide projects implemented on a priority basis.
Countermeasure Status Monitoring
When the impact on management remains high despite countermeasures having an effect and the degree of management control increasing through our activities, we confirm the status of subsequent countermeasures through audits and other means.
External Information Monitoring
Even for risks that have a small impact on management at the present time and are not considered to be management issues, for risks that are not subject to countermeasures we collect external information with high sensitivity, and endeavor to monitor the situation.
Risk Management System
The Kewpie Group recognizes events with the potential to affect the continued and stable development of management as risks, and strives to enhance internal controls through the practice of risk management.
Each department in charge continuously monitors individual risks, while the Risk Management Committee* shares information related to risk factors that affect the Company as a whole to comprehensively manage the evaluation and prioritization of such risks, and formulate countermeasures. Specifically, we have positioned the following nine items as major risks and are working to manage and avoid them.
The Director in charge of risk management regularly reports Company-wide risk assessments and the status of response policies to the Board of Directors.
*The Risk Management Committee comprises members of the Kewpie Corporation Management Committee and the representatives of major divisions and subsidiaries. The committee is the Kewpie Group’s highest decision-making body related to risk management, and meets three times a year.
*Matters related to global environmental issues and climate change are handled by the Sustainability Committee.
Main Risk Management Activities
Risk Reduction for Overseas Development: "Internal Control Promotion Project" at Overseas Group Companies
Online meeting of the Internal Control Promotion Project
The Kewpie Group is engaged in growing and developing the Group by creating a safe and comfortable work environment for employees at overseas offices.
To form the core of these activities, we have created the Internal Control Promotion Project, consisting of the Legal, Finance, Human Resources, IT, Intellectual Property, Risk Management, Internal Audit, Overseas Business, and other departments. This Project promotes the development of an internal control system (governance, compliance, and risk management) that strengthens our management foundation and addresses various initiatives.
The Internal Control Promotion Project promotes the development of an internal control system by creating checklists for overseas risk management for each participating specialized department and communicating with each overseas company.
- ・Develop an anti-bribery program
- ・Establish a unified Business Continuity Plan (BCP) for use both domestically and internationally in the event of a crisis
- ・Promote information security measures
- ・Strengthen human resources and the labor management system (development and review of regulations and systems, training on philosophy, etc.)
- ・Training for members of overseas Group companies
We will continue to share the milestones and schedules of Project efforts with overseas Group companies and work together to further improve our overseas internal control systems.
Handling Measures for Unpredictable Situations Such as Natural Disasters Business Continuity Plan (BCP)
The task force meeting
Drawing on past experience with disaster, pandemics, and other crises, we have created a business continuity plan and measures across the Kewpie Group to be used in the event of a crisis.
Here are some of the main components:
- Maintain systems to enable a transfer of Tokyo head office functions over to the Kansai region
- Establish an emergency communication networks and stockpile emergency supplies
- Conduct seismic upgrades of production and logistics facilities
- Develop systems to verify the condition of production equipment
- Design redundancy into production bases for major products, raw materials procurement, and order processing functions
- Maintain a nationwide system that can have employees transition to working from home
We have prepared manuals for each type of crisis and conduct large-scale disaster response exercises (for initial responses, supply chains, and safety checks) to ensure proper execution of the content of manuals.
Through these activities, we take appropriate initial responses in the event of a disaster, transition quickly to recovery activities, encourage the restoration of normal business activities, and prepare to minimize damage from unforeseen circumstances.
Responding to Ransomware* Risk
Ransomware attacks on companies in Japan and overseas have been on the rise, so the Kewpie Group is raising awareness of the risk and implementing countermeasures.
We have been developing a work environment that will be resilient and responsive to an attack. In terms of enhanced infrastructure, we have added anti-malware measures to all PCs and servers. In terms of human resources, we run internal training programs for all employees and conduct attack email simulations regularly to raise awareness of cybersecurity.
*A malicious program that infects a device, encrypts the data saved on it to render it unusable, and then threatens to disclose the data unless a ransom for its decryption is paid.