Basic Policy on Risk Management
We systematically identify and evaluate risks that may arise from our business operations and implement measures to minimize negative impacts in order to fortify the sound and sustainable development of the EBARA Group. We are shifting from a system that focused on responding ad-hoc to individual risks that emerge in the course of business to a more systematic approach that emphasizes continuous implementation of improvements to the system parallel to enacting risk measures.
Risk Management System
The EBARA Group must reinforce its group governance and risk management measures in order to support the global expansion of its business. To strengthen group governance, we are revising our regulations for group administration and ensuring these regulations are observed. In addition, we have established the Risk Management Guidelines, which are meant to facilitate the development of risk management systems at group companies based on shared targets, as well as the Internal Control Guidelines aimed at enhancing internal controls. These and other frameworks are implemented at all group companies. We will pursue ongoing improvements to our risk management system by utilizing and entrenching these frameworks. The Risk Management Panel is in place as a body responsible for coordinating risk management activities, carrying out deliberation, and providing guidance and support for the implementation of improvements. The RMP is chaired by the President and Representative Executive Officer and made up of all Executive Officers. Furthermore, Non-executive Directors attend the panel and exercise supervisory functions in risk management by providing advice and the like as necessary. The RMP reports its deliberations to the Board of Directors and the Board of Directors conducts appropriate oversight.
|Risk Management Panel (RMP)||Deliberate and oversee overall risk management strategy/measures for the Group and provide guidance and support for improvements||
Members: All Executive Officers
Chair: President and Representative Executive Officer
|Business Continuity Management (BCM)Subcommittee||Ensure business continuity in the event of large-scale disasters||
Department heads of Risk Management/ HR/General Affairs/Information Systems/Business Segment Risk Management Departments
Chair: Risk Management Division Executive Officer
|Information Security Subcommittee||Strengthen information security measures with a particular focus on IT Security and Information Management||
Members: Department heads of Risk Management/Information Systems
Chair: Person responsible for Group Information Security
|Company Risk Management Committees||- Respond to risks faced by each business segment and each Group Company under the purview of each business segment regarding sales projects, contracts, investment and financing, and so on
- Implement improvement measures indicated by the Risk Management Panel
Members: Nominees of Company Presidents
Chair: Company Presidents
Main Risks and Countermeasures
|1. Risks associated with ordinary business activities||- The Anti-Corruption Program is implemented at subsidiaries and support is provided to help subsidiaries establish basic policies on anti-corruption and other relevant internal regulations and rules
- In Japan, a specialized committee spans our organization laterally and discusses policies, establishes regulations, and implements and manages policies and regulations through educational activities
- A specialized corporate department monitors the status of compliance and provides support as necessary
|1) Compliance risks|
|(1) Prohibition of cartels and bid-rigging
(2) Prohibition of bribery
(3) Antisocial forces
(4) Trade security management
(5) Compliance with Construction Business Act
(6) Compliance with Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors
|2) Risks associated with the reliability of financial reporting||-
For consolidated companies, we conduct assessments of the implementation and operational status of our internal control systems based on Japan's Financial Instruments and Exchange Act
- The Internal Control Guidelines are implemented at all subsidiaries to promote improvements through self-checks
|3) Sales project risks
4) Loan and investment risks
|- Company risk management committees and the Risk Management Panel discuss specific risk issues and major projects.|
|5) Environmental risks||- We have acquired and maintain ISO 14001 certification at all sites in Japan
- We promote the incorporation of EMS in accordance with ISO14001 at all overseas group companies
- Environmental assessments are conducted with regard to installation work performed at group companies in Japan
- On-site surveys regarding environmental management are performed at overseas production bases and guidance for improvements is provided on an ongoing basis
|6) Other operational risks||- We have specialized committees pertaining to procurement and occupational health and safety
- The Information Security Subcommittee has been established as a subcommittee under the Risk Management Panel and it creates and implements activity policies and action plans
|2. Unprecedented Crisis||- We have established the Business Continuity Management Subcommittee
- Each division has a business continuity plan and conducts education and training
- We have established a contact system and prepared a manual for measures in response to emergencies overseas
The EBARA Group strives to act as a good corporate citizen that earns the trust of stakeholders. For this reason, the EBARA Way and the EBARA Group Code of Conduct are shared among all employees to form a common identity and set of values. With this as the foundation, it is our basic policy to practice strict legal compliance, adhere to internal rules and social norms, and act with common sense, good intentions, and integrity.
The foundation of our risk management is creating ever greater awareness of the importance of compliance. This awareness allows us to detect risks early, prevent their actualization and to establish comfortable and open workplace environments.
Compliance Whistle-blowing Hotlines
The EBARA Group has established compliance consultation hotlines and is working to ensure that employees are familiar with how to use them in order to foster comfortable workplace environments, detect potential issues/risks at an early stage, and heighten its capacity to proactively solve issues in-house.
In Japan, whistle-blowing hotlines have been installed at all Group companies and we are transitioning to a system in which reported incidents are addressed by the site at which the issue was reported (e.g., at the head office or Group Company site, etc.) At overseas Group companies, we continue to reinforce the Overseas EBARA Group Hotlines, which
are designed to increase the transparency of Group companies, to strengthen the internal whistle-blowing hotline capabilities of these companies, and to support their healthy and autonomous operation.
— Compliance Consultation Hotline Policies —
|1||.||Prevent improper activity before it happens|
|2||.||Quickly detect improper activity (non-compliance) that may have occurred|
|3||.||Create comfortable workplace environments|
|4||.||Foster internal capabilities for resolving issues|
|5||.||Maintain the confidentiality of and protect those who report|
Status of Compliance Consultation Hotlines
The EBARA Group has established both internal and external compliance consultation hotlines, to facilitate the prompt resolution of compliance issues that may arise during the course of every day operations. These hotlines enable stakeholders to report concerns or blow the whistle regarding non-compliance directly to the department in charge of compliance, the Audit Committee Office, or an external law firm.
Furthermore, an internal regulation holds that the privacy of the whistleblower and other related persons must be protected and that disadvantaging or punishing any person who utilizes these hotlines or is asked to corroborate facts during an investigation or other such involvement, is expressly forbidden.
Consultation/whistleblowing is widely accepted from executive officers, directors, employees, their families, business partners, and other stakeholders. Upon receipt of a consultation, the internal department in charge of compliance conducts an investigation and takes appropriate action to resolve the issue. The operation status of the hotlines is reported to the CSR Committee, chaired by all executive officers and attended by directors. The deliberations of the CSR Committee are reported to the Board of Directors and appropriate oversight is conducted. In FY2019, there were 2 consultations to the Overseas EBARA Group Hotlines and 49 total in Japan.
|External law firm||Available to executive officers, directors, employees and their families, business partners, and other stakeholders for consultation/whistleblowing regarding compliance issues, including issues related to human rights.|
|Internal department in charge of compliance||Accepts consultations/whistleblowing regarding human rights issues, such as types of harassment, and compliance in general.|
|Compliance Liaisons||Approximately 90 people have been appointed at workplaces around Japan, including at domestic subsidiaries, to act as an on-site hotline/first responder.|
|Audit Committee Helpline||The Audit Committee Office accepts consultations/whistleblowing concerning the misconduct of executive officers or directors. For example, violations of laws, regulations, EBARA’s Articles of Incorporation or Business Ethics Framework (including the Code of Conduct), incidents of improper accounting or other activities that pose risk of significant damage (financial or otherwise) to the Group.|
|Overseas EBARA Group Hotlines||We have been installing hotlines at overseas group companies, beginning with high-risk countries, as a part of the strategy to strengthen our anti-corruption program since 2016. Installation has, at the end of FY2019, been completed in seven countries at 17 group companies.
The contact point is an external law firm and anonymous reports are accepted. Consultations/whistleblowing received by the firm are reported to the department in charge of compliance at EBARA headquarters
Business Continuity Management
The EBARA Group’s products, technologies, and services are used in every corner of our society, industry, and daily life, including water supply and sewage systems, flood-control drain pumps, waste incinerators, power plants, steel, chemical, semiconductor, and other types of plants, hospitals, commercial buildings, and condominiums. It is the mission of the EBARA Group to provide products and services to help continue or quickly recover these functions when a massive disaster strikes.
In the event of a disaster of a scale that may disrupt business, the local headquarters set at each location takes the initiative by conducting evacuations, rescues, putting out fires and any other conduct necessary to secure the safety of our employees and prevent further damage to facilities. After the initial response, the business continuity and recovery activities begin, with the intent to mitigate damage to ongoing projects and facilitate the rapid recovery of important business. The headquarters for company business continuity measures monitors’ company-wide progress, disseminates information and makes company-wide instructions.
Groupwide Crisis Simulations (in Japan)
We conduct groupwide crisis simulations all employees of the domestic EBARA Group participate in every year.
On 3 September 2018, the simulation included the set-up and operation of a crisis-response general headquarters and local headquarters and evacuation drills in districts, offices, sales offices and domestic group companies. Through this simulation, we reaffirmed the correct procedures to take during a crisis and raised the awareness of each employee regarding crisis response.
The simulation situation was of a large earthquake directly under the capital of Tokyo in the early morning in which the members of the crisis-response general headquarters (EBARA's Executive Officers) would have limited means of communication. The supervising headquarters and the Osaka branch office (secretariat) worked together to practice first-response to this crisis situation.
Osaka Branch Office (Secretariat)
Each local crisis-response headquarters practiced gathering information regarding safety status and damages and reporting it to the general headquarters.
We conducted evacuation drills based on the Evacuation Guidance Plan at each site and practiced confirming the safety of all employees.
At the Haneda headquarters, we conducted emergency building checks in line with the “Guidelines for Emergency Building Inspections” released by the Cabinet Office of Japan.
Conducting building-tilt inspection
We protect our information systems while managing data in an appropriate fashion and never use information in unethical ways. Furthermore we take extensive measures to protect personal information of employees, customers and suppliers alike.
Information Security Policy
The following five principles are part of the EBARA Group’s information security policy and must be followed by all executive officers and employees of the EBARA Group:
|1||.||Fully understand the impact of information leakage and recognize the necessity of protection from such leakage.|
|2||.||Do not take out important information outside the Company. If necessary for business, get necessary permission.|
|3||.||Take suitable countermeasures against carelessness or other actions which may lead to information leakage, and prepare in advance for the effects of information leakage.|
|4||.||Control and maintain significant information so that you can identify and restrict when information leakage has occurred.|
|5||.||In the event of a leak of significant information, immediately inform the relevant departments of the Company and take necessary action.|
Approach to Information Security:
1. Management regulations, education, etc.
We at EBARA Corporation have established Information Security company regulations and operate in accordance with these regulations. In addition, we regularly create various manuals, educational materials as well as a yearly e-learning module to educate employees about information security.
2. Physical Security
We take measures to protect our data and other system infrastructure from earthquakes, power failure and other disaster scenarios. We also protect our infrastructure and other data including documents and storage media through proper security measures such as theft prevention measures and proper disposal methods at various business locations to prevent data leakage.
3. Operational Management of Information Systems and Communication Networks
We strive to ensure our systems and software are always on the cutting edge in order to minimize risks associated with older systems. We also monitor and protect a variety of devices in order to catch security threats early. In addition, we use encryption technology and passwords, etc. to protect sensitive information and minimize information security incidents.
4. Access Management, Development and Maintenance of Security Measures
We ensure the proper management of passwords, IDs, approval authority, access to privileged information and systems based on our IT General Control Rules. In addition, we strive for the standardization and systematization of system development, construction, and maintenance.
5. Response to Incidents and Emergencies
We are constantly evaluating and working to improve our incident management, duplication of important equipment and networks, back-ups as well as our communication, reporting and established recording processes based on our Management System.