Risk Management
The following are the main risks deemed to have the potential to have a significant impact on the business results, financial condition, and cash flow (hereinafter referred to collectively as “business results, etc.”) of the TIS INTEC Group. The Group defines “risk” as “any factor that may hinder the achievement of the management philosophy, goals, and strategies of the Company and the Group by causing economic loss; the interruption, stagnation, or suspension of business operations; and/or damage to the Company’s credit or brand image”. In addition, the Group-wide risks are classified into strategic risks, financial risks, hazard risks, and operational risks according to the Group’s rules on risk management.
Using the Group’s risk management evaluation method, all risks are comprehensively evaluated from the viewpoint of occurrence frequency and degree of damage caused. However, the nature and degree of the impact that each risk will have on the Company’s business results, etc. will vary depending on the nature of each risk event, the likelihood that the risk will emerge, and the timing of that emergence. Since more specific explanations of each risk are difficult, detailed descriptions of the potential damage to the Company’s business results, etc. have been omitted.
Note that all forward-looking statements in this document are based on information available to the Group as of June 26, 2023.
The Group has established rules for risk management to ensure an accurate understanding of the risks facing the Group and prevent losses from occurring. In accordance with these rules, we have appointed an executive to oversee risk management of the entire Group. Also, a risk management department has been established to prepare a risk management system. In addition, we have established a risk management policy for the entire group and regularly check the implementation status of measures to control risk. When a group company becomes exposed to a serious risk, a task force is set up and appropriate measures are taken to minimize damage.
As for the status of the risk management system, we will promote various measures to maintain and improve Group-wide internal controls according to a basic policy and various regulations regarding the internal control system and monitor the development of internal control system and operation status and establish the process of reporting deliberation results to the Board of Directors upon deliberation at Group Internal Control Committee.
<Risk Assessment Process>
Both the risk policies (top risk direction and major risks) prepared by the president of each group company based on the Group’s priority risks as well as the risks identified by each division are evaluated. The Group Internal Control Committee examines the risks faced by the Group twice a year, confirming issues related to those risks and evaluating the status of improvement measures, which are reported to the Board of Directors. Based on its reports to the Board of Directors, initiatives are implemented to strengthen and improve the Group-wide internal control system.
<Risk Management Process>
1) Strategic risks
a. Human resources
Human resources are the Group’s most important management resource, and its business activities are significantly influenced by its ability to secure and develop superior individuals capable of providing specialized, high value-added services to clients. The Group’s business and operating results, etc., may therefore be negatively affected if the Group cannot secure and develop superior human resources according to its plans. To this end, the Group has visualized its human resources portfolio based on the current situation, and is strengthening investment to acquire and grow specific personnel who will drive structural transformation toward the realization of its business and business strategies, as well as focused human resources that need to be continuously strengthened in each business area. In order to enhance the effectiveness of human resources strategies tailored to the business, we share business and organizational issues with top management and are strengthening our “HR business partner function”, which supports the acquisition, development, placement, organizational climate reform, and realization of business strategies on the job site in line with the business environment and issues, while promoting the “development of the HRDX platform”, which monitors and analyzes the execution status and support its implementation. The Group therefore, with the aim of enhancing work-style reform and job satisfaction, strives to secure talented human resources by means such as providing a corporate culture, HR systems, and an office environment in which a diverse group of people can thrive. Additionally, the Group focuses on human resources training by means such as providing support for acquiring certifications, career development support, systemizing its training program, and creating plans and targets for the number of training days.
b. Changes in the market
As the Group’s business domain changes and society changes, the technologies and services required by society are expected to change significantly. As a result, there is a risk that the Group’s technology and services may become obsolete due to delays in identifying the technology seeds that will be required in the future, resulting in a decline in competitiveness. With these changes, the Group’s business and operating results, etc., may be negatively affected if competitive advantage is lost due to price competition beyond expectations and the Group becomes unable to provide the high-quality services that customers have come to expect because of a failure to take appropriate measures or allowing technologies and know-how to become obsolete.
The Group continues to analyze the environment in its management plans to understand market needs, differentiate the Group from competitors by adding more value to the services the Group provides, constantly conducting investigation and research in areas such as information technologies as well as production and development technologies, selecting from a broad technology portfolio of core technologies that will enable the Group to sustain and improve its development competitiveness. Likewise, it is advancing R&D and deploying the results, while carrying out productivity innovation activities and enhancing the digital transformation value it provides, as well as controlling unprofitable projects and productivity innovation activities.
c. Investments
The Group invests in companies in Japan and overseas, including venture companies, to establish capital and business alliances mainly for the purpose of business expansion, acquisition of cutting-edge technologies, and the execution of mergers and acquisitions. It also makes investments in large IT facilities, such as data centers operating 24 hours a day, 365 days a year, which support the deployment of outsourcing and cloud services businesses (including continued capital investments to fund initial construction and the stable operation of existing facilities), and in software needed to promote service-based business. Unanticipated changes in the business environment may result in investments failing to yield the expected result or return or make assets obsolete, thereby impacting the Group’s business and operating results, etc. In addition, any potential misconduct or system failures by a corporate counterparty immediately after an investment or M&A transaction may result in a loss of credibility and brand image of the Group, lawsuits, and other repercussions.
Accordingly, all investment decisions are made after thorough examination of the business plan by either the Board of Directors, the CVC Investment Committee, or the Investment Committee, depending on the investment project, and the progress of the business plan is periodically confirmed after investments have been made. In addition, for companies with which we have entered into large-scale capital tie-ups or mergers and acquisitions, we continuously implement necessary measures based on prior verification and examination of the risks involved in their business activities, and dispatch executives to them so that we can quickly ascertain their status.
d. Overseas business
Overseas business may be impacted by various factors, including global economic and foreign exchange trends, legal regulations on investment and competition, local business practices, and labor-management relations. If one of these factors manifests itself in an unanticipated manner, it may impact the Group’s business and operating results, etc.
As part of its growth strategy, the Group is pursuing capital and business alliances as well as M&A with local companies in order to achieve expansion of overseas businesses, with a focus on ASEAN countries. In making such investments, the Company conducts detailed investigations on the business performance and financial position of the target company, and after the investment, business promotion and corporate planning business units work together to conduct monitoring and report periodically to the Board of Directors.
Additionally, the Company is dispatching personnel to operating companies, and promoting efforts to strengthen the governance of overseas subsidiaries and affiliates led by the Global Financial Planning Office, a dedicated body established within the Company.
e. Human rights
The Group’s business activities may have a direct or indirect negative impact on certain stakeholders. The occurrence and disclosure of such events could result in damaging the reputation and credibility of the Group, and could affect the Group’s business and operating results.
The Group’s human rights policy is based on the “Guiding Principles on Business and Human Rights” adopted by the United Nations Human Rights Council in June 2011. Furthermore, by promoting human rights due diligence in line with this policy, the Group aims to take appropriate measures to identify and correct any negative impacts of the Group’s business activities on society at an early stage. In fiscal 2022, the Group disclosed the identification process and detailed analysis of potential human rights risks that were identified in the previous fiscal year that are closely related to operations in the Group, as well as response policies. The Group will continue to analyze and address the identified risks in more detail.
f. Geopolitical risks
Newly emerging international pressures, exchange rate trends, trade issues, or effects on procurement costs due to warfare, civil strife, political upheaval, revolution, terrorism, rioting, etc., may impact the Group’s business and operating results.
When such events occur, the Group will promptly ascertain the impact on the Group and quickly engage in activities to prevent losses due to each risk. In addition, the Group will implement measures based on the BCP plan as appropriate when there is a possibility that this may impair business continuity. In fiscal 2022, crisis response for expatriates and what to do when offshore transactions are interrupted are under consideration.
g. Reputational risk
If risks are not properly managed and have a negative impact on society, or if the Company is recalled to be associated with any negative impact that other companies have had on society, the Company’s business may be interrupted, stagnate, or be suspended due to loss of credibility and brand image, or it may potentially lose customers or business partners. The Company believes that this risk increases particularly in proportion to the expansion of the Company’s business and the increase in its name recognition, and that if the Company fails to manage the risk promptly, even an incident that occurs at a subsidiary of the Group could spread to the entire group. Therefore, in order to respond promptly to this risk, the Group has established a cross-group escalation system and prepared a response manual in the event of a crisis.
2) Financial risks
a. Owned securities
The Group buys and holds the equity shares of suppliers and other business partners in cases where it deems such investments will enable it to establish stable alliances and cooperative relations that lead to new business opportunities and will support the sustainable growth of the Group and enhance its medium- and long-term corporate value. The Group also invests in bonds as part of its short-term surplus fund management operations. However, the Group’s business and operating results, etc. may be impacted if sharp fluctuations in the market prices of these marketable securities or deterioration in management conditions of issuing entities requires the posting of accounting losses or other similar measures.
Accordingly, the Group carefully confirms the reliability of these securities by thoroughly examining issuers’ financial condition, business results trends, credit ratings, and other relevant indicators. In addition, the Group regularly reviews the suitability of continuing to hold the securities and reduces them if continued holding is deemed to lack meaningfulness.
3) Hazard risks
a. Pandemics (the global spread of infectious and communicable diseases)
Restrictions on activities both domestic and foreign due to a pandemic will affect the Group’s business and operating results, etc., if it sharply constricts the productive activities of our employees and those of our business partners.
Should a pandemic occur, the Group will make every effort to properly ascertain the responses of the World Health Organization (WHO), the Japanese government, and other relevant authorities. Action will also be taken to strengthen hygiene at our offices, data centers, and other work sites, based on the Group’s business continuity plan. The Group will also refrain from sending employees to work in areas heavily stricken by infections. In addition, the Group has established work environments that facilitate working from home and have ensured that operations, including the decision-making process for important matters of the Group, can be conducted in line with work procedures predicated on teleworking.
b. Natural disasters and accidents
As the likelihood of natural disasters, including floods, occurring in unconventional locations and frequencies is increasing due to global warming, large-scale natural disasters and the accompanying longer-than-expected power outages could affect outsourcing and cloud services businesses, which use large-scale IT facilities such as data centers which the Group operates.
In accordance with the Group’s business continuity plan therefore, the Group is preparing various equipment environments that will facilitate data centers’ response to all manner of disasters. In addition, the Group has been gradually closing older data centers and focusing on the development of state-of-the-art data centers with seismic-isolation structures, robust disaster-mitigation equipment, emergency power generators, fuel storage equipment, and other highly reliable electric power equipment as well as contracts for prioritized power supply. In addition, based on the business continuity plan that the Company has formulated, the Company is enhancing its business continuity capabilities by establishing stockpiles, conducting drills, establishing a remote work system aimed at mitigating the impact when conditions make commuting to work difficult, and promoting a paperless workflow.
4) Operational risks
a. System development
Outsourced development and maintenance of various information systems for client companies is one of the Group’s core businesses. As system development becomes more sophisticated, complex, and subject to tighter time constraints, larger-than-expected costs may be incurred if additional work is required to secure the planned level of quality or if a project cannot be completed on schedule. These increased costs and the possibility of claims for damages from clients, etc., could impact the Group’s business and operating results.
The Group has therefore developed its own original “Trinity” quality management system based on the ISO 9001 standard. Using this system, the Group is continually enhancing quality management and raising productivity by using dedicated organizations to thoroughly screen business proposals and review projects at each stage of development. In addition, the Group has established the Group Quality Executive Meeting to lead efforts to improve quality and promote production innovation measures throughout the Group while also enhancing management and technological capabilities by strengthening training programs for each employee rank.
Meanwhile, some systems development tasks are being outsourced to domestic and overseas business partners for reasons such as securing production capacity, raising productivity, and utilizing technical capabilities. If the productivity or quality do not meet expectations, smooth project management may not be realized and the Group’s business and operating results, etc., may be impacted.
The Group therefore seeks to secure superior business partners in Japan and overseas. That effort includes regular meetings with and questionnaire surveys of our partners so that we fully understand their situation and are able to build strong relationships.
b. System operation
The Group uses data centers and other large IT facilities to provide its outsourcing business and cloud services business. If system problems arise due to human error or equipment malfunctions during system operation and the Group is unable to provide services at the level agreed upon with the client, the Group’s business and operating results, etc., may be impacted.
The Group has therefore developed a system maintenance/operation framework based on ITIL (Information Technology Infrastructure Library) practices and is using this framework to direct constant efforts to improve system operation quality and to establish and strengthen measures for early detection and confirmation of system failures and measures to reduce and prevent the occurrence of failures.
c. Information security
Through its wide-ranging business activities, from system development to operation, the Group is in a position to handle various types of confidential information, including personal information held by clients and information about their systems’ technologies, etc. of the clients. If such confidential information were to be leaked or manipulated, the Group’s business and operating results, etc., could be impacted by claims for damages from client companies and by a loss of trust in the Group’s services. And with the Internet having become part of the social infrastructure and various forms of information easily spreading in an instant, the range of users has expanded and convenience increased. However, the risk of accidents and system failures due to unauthorized external access is increasing. If the Group fails to respond appropriately to such a situation, its business and operating results, etc., could be impacted by claims for damages from clients and by a loss of trust in the Group’s services.
The Group has therefore established an information management system based on its Information Security Policy. The system is contributing to appropriate information management while also assisting our efforts to raise awareness through employee education and training programs. In addition, the Group applies the Group’s information security promotion guidelines to guide its checks and evaluations of the levels of information security management across the entire group, as well as subsequent promotion of improvement measures. When an information security breach does occur, the Group takes responsibility and establishes an investigative committee to look into the cause, implement countermeasures, and prevent recurrence. This fiscal year the Group renewed its SOC (Security Operation Center) and SIEM (Security Information and Event Management), and has promoted the implementation of a company wide and group wide zero-trust environment.
Regarding the personal information the Group handles, the Group has established a group wide information management system based on Japan’s Act on the Protection of Personal Information and regulations on the handling of Individual Numbers and information about specific individuals. The Group is also conducting education and training programs for employees to thoroughly raise their awareness of the importance of protecting personal information. These efforts are contributing to more appropriate handling of personal information, including stronger management of client information. And the Group is implementing security measures using a zero-trust security model to address the diversification of workplaces with the full-scale implementation of working from home. Furthermore, TIS and other Group companies have obtained Information Security Management System (ISMS) certification and the JIPDEC’s PrivacyMark.
Additionally, the Group has defined a group-wide CSIRT (Computer Security Incident Response Team) system to respond to cyber attacks and share information at the Group Security Promotion Meeting, and also operates “TIS-CSIRT” as an in-house CSIRT for early detection of incidents and quick and accurate emergency response. In addition, the Group collects, analyzes, and disseminates a wide range of security-related information, including the latest attack methods and incidents, and also monitors communications, responds to emergencies, and coordinates with external parties.
d. Legal systems, compliance
The Group conducts its various business activities in compliance with laws and regulations in Japan and other countries. If the Group were to contravene a law or regulation, or a new law or regulation were introduced, the Group’s business and operating results, etc., could be affected. In addition, in the event of discrimination or harassment, should there be a reduction in productivity, an increase in costs, and/or a decline in employee engagement, the Group's business and operating results may be affected.
The Group therefore has established a compliance structure based on its Basic Direction on Corporate Sustainability and Group Compliance Declaration, and it works to educate all employees regardless of employment status and comply with all laws in an endeavor to conduct its business activities fairly. In accordance with the Group’s compliance regulations, important compliance issues for the entire Group are discussed, measures to prevent recurrence are decided, and the status of the implementation of these measures is then monitored in an effort to ensure their adoption throughout the Group. One such measure is the tightening of regulations on contracted work and temporary staffing, an important issue for the Group because of the transactional nature of the IT services industry. The Group is working on a dedicated risk management system and the creation of group guidelines and independent inspection checklists that will contribute to the appropriate operation of the system. In addition, to prevent illegal activities and detect and correct them at an early stage, the Group has introduced a whistle-blowing system and established a reporting and consultation desk, thereby raising awareness of legal compliance throughout the Group. Furthermore, the Group will conduct education and awareness-raising activities aimed at building good relationships and establishing smooth communication in order to help prevent discrimination and harassment, and will take fair and strict measures in the event that such incidents should occur.
e. Intellectual property rights
The Group’s business activities entail the use of technologies, licenses, business models and various trademarks that may be subject to intellectual property rights. Accordingly, the Group takes great care to ensure that it does not infringe the intellectual property rights of third parties. Nonetheless, if the Group were to infringe another company’s intellectual property rights, it could be presented with an injunction and a claim for damages. In such a case, the Group’s business and operating results, etc., could be impacted. To prevent such an event, the Group is strengthening its framework for preventing violations of intellectual property rights and is conducting education and training programs to raise employees’ awareness of this issue. Meanwhile, the Group also regards its own intellectual property as an important management resource and takes all necessary means to protect this valuable resource.
f. Climate change
In response to climate change, companies are gradually becoming more committed to, and responsible for, both mitigation involving reducing greenhouse gas emissions and adaptation involving reducing the adverse effects of climate change, and as a result, there is a growing demand to promote the use of renewable energy in business and corporate activities. Therefore, if the Group’s energy costs are significantly impacted by fluctuations in demand for renewable energy, or if the Group’s transition to renewable energy is delayed, the Group’s business and operating results may be affected.
The Group has therefore endorsed the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD), carries out continuous assessments in accordance with the TCFD recommendations framework, and discloses the results to the public to explain our efforts to help mitigate climate change