Internal Controls and Risk Management System
NSSMC has established an internal control system, in line with a standard framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Basic policy concerning the internal control system was resolved by the Board of Directors and subsequently the Basic Rules for Internal Control were stipulated, and as a result the internal control and risk management system was established and is managed as follows.
• We devise an annual plan on internal control and risk management (Internal Control Plan) and act accordingly.
• At the Risk Management Committee, which is independent from the Audit & Supervisory Board and is chaired by the executive vice president in charge of Internal Control & Audit, the following items are regularly reported:
  - the status of planning and implementation of an annual plan of internal control (the Internal Control Plan);
  - compliance with the Anti-Monopoly Act and anti-corruption laws, including those on bribery of officials;
  - compliance with internal rules such as the Employee Action Guidelines; and
  - risk management issues, including ESG risks such as labor safety, abuse of human rights (such as sexual and power harassment), environmental, disaster-preventive, quality, and financial reporting risks, and information security.
  Significant risks are reported and discussed at the Corporate Policy Committee, meetings of which are attended by the Chairman and the President.
• The Board of Directors supervises risk management and evaluates its effectiveness by regularly receiving reports on important managerial risks, such as those stated above, which are reported and discussed at the Risk Management Committee and the Corporate Policy Committee.
• Each division of the Company designates a person in charge of risk management, and each group company also designates a risk management official. This is to encourage each division and company to take initiatives and share information about risk management within their organization through regular meetings and other means.
• NSSMC regularly checks the Group-wide status of internal control by establishing measures to check and supervise matters related to internal control and risk management.
• The NSSMC Group clearly states in its internal rules a zero-tolerance approach to violations of laws and regulations, which include provision of cash, gifts, excessive entertainment, and benefits to government officials, politicians, national enterprises, public agencies, and others; bribery, including personal embezzlement and provision of convenience; and corruption.
• Anticipating the possibility of national disasters, such as earthquakes, and environmental accidents, we have developed a business continuity plan (BCP), hold drills regularly, and stay prepared. We have also decided on countermeasures against the occurrence of an accident, such as the urgent formation of an emergency control headquarters, in order to minimize operational impacts and secondary damage.
• As a whistleblower & consultation system, we have set up a Compliance Consulting Room (the Internal Control & Audit Division being the internal point of contact; an outside specialized agency serves as the outside contact) to receive notifications or inquiries (which can be anonymous) concerning violations of laws, regulations, or internal rules, including those related to bribery, from employees and family members of NSSMC and its group companies, and from business partners, in order to prevent such violations and help improve operations. In fiscal 2017, the Compliance Consulting Room received a total of 257 notifications and inquiries.
• When the Compliance Consulting Room receives a notification or inquiry, the matter is reported to the General Manager of the Internal Control & Audit Division, and a counseling staff member interviews the informant and investigates the matter and facts. In case an outside specialized agency receives a notification or inquiry, the agency takes up the matter and works to resolve the issue jointly with NSSMC.
• Notifications from outside stakeholders concerning NSSMC's violation of laws, regulations, or internal rules, and other issues, are accepted through an inquiry form on NSSMC's website. The information received is handled as a confidential matter and responded to jointly with the Compliance Consulting Room, depending on its content.
We regularly review the compliance status of laws, regulations, the Employee Action Guidelines and others, by doing internal auditing of internal divisions and group companies, by using the whistle-blowing & consultation system and questionnaires sent to all employees, and other measures. Based on those results, we also regularly review effectiveness of the internal control system and reflect the results of this review in the internal control plan of the next fiscal year.
• In case of the occurrence of a violation of laws, regulations, or internal rules, we follow these response and control processes:
  - The Internal Control & Audit Division instructs and guides the division or group company where such violation occurred on how to initially respond, how to investigate facts and causes, and how to plan preventive measures against recurrence. Based on these, the division or group company concerned implements the measures needed.
  - The Internal Control & Audit Division reports the matter and facts, causes, and preventive measures against recurrence concerning significant violations of laws, regulations, and internal rules to the Risk Management Committee. The Committee then evaluates the appropriateness of the response, the effectiveness of the preventive measures against recurrence, the responsibility of relevant persons, and other items.
  - The Internal Control & Audit Division shares information on significant violations of laws, regulations, and internal rules within the NSSMC Group, and encourages each division and group company to check and ascertain the appropriateness of its operations.