The following are the main risks deemed to have the potential to have a significant impact on the business results, financial condition, and cash flow (hereinafter referred to collectively as “business results, etc.”) of the TIS INTEC Group. The Group defines “risk” as “any factor that may hinder the achievement of the management philosophy, goals, and strategies of the Company and the Group by causing economic loss; the interruption, stagnation, or suspension of business operations; and/or damage to the Company’s credit or brand image”. In addition, the Group-wide risks are classified into strategic risks, financial risks, hazard risks, and operational risks according to the Group’s rules on risk management.
Using the Group’s risk management evaluation method, all risks are comprehensively evaluated from the viewpoint of occurrence frequency and degree of damage caused. However, the nature and degree of the impact that each risk will have on the Company’s business results, etc. will vary depending on the nature of each risk event, the likelihood that the risk will emerge, and the timing of that emergence. Since more specific explanations of each risk are difficult, detailed descriptions of the potential damage to the Company’s business results, etc. have been omitted.
Note that all forward-looking statements in this document are based on information available to the Company as of June 27, 2022.
The Company has established rules for risk management to ensure an accurate understanding of the risks facing the Group and prevent losses from occurring. In accordance with these rules, we have appointed an executive to oversee risk management of the entire Group. Also, a risk management department has been established to prepare a risk management system. In addition, we have established a risk management policy for the entire group and regularly check the implementation status of measures to control risk. When a group company becomes exposed to a serious risk, a task force is set up and appropriate measures are taken to minimize damage.
The risk management system falls under the jurisdiction of the Group Internal Control Committee, which promotes various measures to maintain and improve Group-wide internal controls according to a basic policy and various regulations regarding the internal control system. The Committee then monitors the implementation of those measures and the operational status of the internal control system and reports its findings to the Board of Directors. Based on its reports to the Board of Directors, initiatives are being implemented to strengthen and improve the Group-wide internal control system.
The Group Internal Control Committee examines the risks faced by the Group twice a year, confirming issues related to those risks and evaluating the status of reform measures.
1) Strategic risks
a. Human resources
Human resources are the Group’s most important management resource, and its business activities are significantly influenced by its ability to secure and develop superior individuals capable of providing specialized, high value-added services to clients. The Group’s business and operating results, etc. may therefore be negatively affected if the Group cannot secure and develop superior human resources according to its plans. To this end, the Group has developed a human resource portfolio in order to achieve its business goals, and in order to realize this portfolio, the Group is strengthening its investments in acquiring and developing its human resources. The Group therefore, with the aim of enhancing workstyle reform and job satisfaction, strives to secure talented human resources by means such as providing a corporate culture, HR systems, and an office environment in which a diverse group of people can thrive. Additionally, the Group focuses on human resources training by means such as providing support for acquiring certifications, career development support, systemizing its training program, and creating plans and targets for the number of training days.
b. Technological innovation
In the information services industry to which the Group belongs, providers must respond quickly to advances in information technology and to changing market needs that parallel these advances. Particularly as the difficulties caused by the new coronavirus infection gradually eases, and the new working environment becomes more pervasive, we can expect to see changes in society as a whole and significant changes in the technology required. With these changes, the Group’s business and operating results, etc. may be negatively affected if we lose our competitive advantage and become unable to provide the high-quality services that our customers have come to expect because we fail to take appropriate measures or let our technologies and know-how become obsolete.
The Group is therefore strengthening its ability to meet customer expectations by constantly conducting investigation and research in areas such as information technologies as well as production and development technologies, selecting from a broad technology portfolio the core technologies that will enable us to sustain and improve our development competitiveness. Likewise, it is advancing R&D and deploying the results, and continuously carrying out productivity innovation activities and enhancing the digital transformation value it provides.
c. Price competition, intensification of competition
In the information services industry to which the Group belongs, competition among businesses is intense. In addition, there are increasing numbers of new entrants from other industries who could further increase price competition. If this price competition intensifies more than expected, it could impact the Group’s business and operating results, etc.
The Group is therefore responding by constantly analyzing the business environment to better grasp customer needs, offering higher value-added services and taking other measures to differentiate itself from competitors, and improving productivity by curbing unprofitable projects and engaging in productivity innovation activities.
The Group invests in companies in Japan and overseas, including venture companies, to establish capital and business alliances mainly for the purpose of business expansion, acquisition of cutting-edge technologies, and the execution of mergers and acquisitions. It also makes investments in large IT facilities, such as data centers operating 24 hours a day, 365 days a year, which support the deployment of outsourcing and cloud service businesses (including continued capital investments to fund initial construction and the stable operation of existing facilities), and in software needed to promote service-based business. Unanticipated changes in the business environment may result in investments failing to yield the expected result or return or make assets obsolete, thereby impacting the Group’s business and operating results, etc. In addition, the Group's business and operating results may also be affected by negative impacts from business activities, such as reputational risk and lawsuits due to scandals, system failures, etc. occurring at companies in which we have invested particularly immediately after making such an investment or at M&A partners immediately after concluding an M&A deal.
Accordingly, all investment decisions are made after thorough examination of the business plan by either the Board of Directors, the CVC Investment Committee, or the Investment Committee, depending on the investment project, and the progress of the business plan is periodically confirmed after investments have been made. In addition, for companies with which we have entered into large-scale capital tie-ups or mergers and acquisitions, we continuously implement necessary measures based on prior verification and examination of the risks involved in their business activities, and dispatch executives to them so that we can quickly ascertain their status.
e. Overseas business
Overseas business may be impacted by various factors, including global economic and foreign exchange trends, legal regulations on investment and competition, local business practices, and labor-management relations. If one of these factors manifests itself in an unanticipated manner, it may impact the Group’s business and operating results, etc.
As part of our growth strategy, the Group is pursuing capital and alliances as well as M&A with local companies in order to achieve expand overseas business, with a focus on ASEAN countries. In making this investment, we conduct detailed investigations on the business performance and financial position of the target company, and after the investment, business promotion and corporate planning business units work together to conduct monitoring and report periodically to the Board of Directors.
Additionally, we are dispatching personnel to operating companies, and promoting efforts to strengthen the governance of overseas subsidiaries and affiliates led by the Global Financial Planning Office, a dedicated body established within the Company.
f. Human rights
The Group's business activities may have a direct or indirect negative impact on certain stakeholders. The occurrence and disclosure of such events could result in damage to the reputation and credibility of the Group, and could affect the Group’s business and operating results.
The Group's human rights policy is based on the Guiding Principles on Business and Human Rights adopted by the United Nations Human Rights Council in June 2011. Furthermore, by promoting human rights due diligence in line with this policy, we aim to take appropriate measures to identify and correct any negative impacts of the Group's business activities on society at an early stage. In fiscal 2021, we took stock of the Group's value chain and identified potential human rights risks that are closely related to the Group's operations. We will continue to analyze and address the identified risks in more detail.
g. Changes to social conditions due to warfare, civil strife, political upheaval, revolution, terrorism, rioting, etc.
Newly emerging international pressures, exchange rate trends, trade issues, or effects on procurement costs due to warfare, civil strife, political upheaval, revolution, terrorism, rioting, etc. may impact the Group’s business and operating results.
When such events occur, we will promptly ascertain the impact on our group and quickly engage in activities to prevent losses due to each risk. In addition, we will implement measures based on the BCP plan as appropriate when there is a possibility that this may cause a failure in business continuity.
2) Financial risks
a. Owned securities
The Group buys and holds the equity shares of suppliers and other business partners in cases where it deems such investments will enable it to establish stable alliances and cooperative relations that lead to new business opportunities and will support the sustainable growth of the Group and enhance its medium- and long-term corporate value. The Group also invests in bonds as part of its short-term surplus fund management operations. However, the Group’s business and operating results, etc. may be impacted if sharp fluctuations in the market prices of these marketable securities or deterioration in management conditions of issuing entities requires the posting of accounting losses or other similar measures.
Accordingly, the Group carefully confirms the reliability of these securities by thoroughly examining issuers’ financial condition, business results trends, credit ratings, and other relevant indicators. In addition, the Group regularly reviews the suitability of continuing to hold the securities and reduces them if continued holding is deemed to lack meaningfulness.
3) Hazard risks
a. Pandemics (the global spread of infectious and communicable diseases)
Restrictions on activities both domestic and foreign due to a pandemic will affect the Group’s business and operating results, etc. if it sharply constricts the productive activities of our employees and those of our business partners.
Should a pandemic occur, we will make every effort to properly ascertain the responses of the World Health Organization (WHO), the Japanese government, and other relevant authorities. We will also take action to strengthen hygiene at our offices, data centers, and other work sites, based on the Group’s business continuity plan. We will also refrain from sending employees to work in areas heavily stricken by infections. In addition, we have established work environments that facilitate working from home and have ensured that operations, including the decision-making process for important matters of the Group, can be conducted in line with work procedures predicated on teleworking.
b. Natural disasters and accidents
As the likelihood of natural disasters, including floods, occurring in unconventional locations and frequencies is increasing due to global warming, large-scale natural disasters and the accompanying longer-than-expected power outages could affect our outsourcing and cloud services businesses, which use large-scale IT facilities such as data centers which the Group operates.
In accordance with the Group’s business continuity plan therefore, we are preparing various equipment environments that will facilitate our data centers’ response to all manner of disasters. In addition, we have been gradually closing older data centers and focusing on the development of state-of-the-art data centers with seismic-isolation structures, robust disaster-mitigation equipment, emergency power generators, fuel storage equipment, and other highly reliable electric power equipment as well as contracts for prioritized power supply. In addition, based on the business continuity plan that the Company has formulated, we are enhancing our business continuity capabilities by establishing stockpiles, conducting drills, establishing a remote work system aimed at mitigating the impact when conditions make commuting to work difficult, and promoting a paperless workflow.
4) Operational risks
a. System development
Outsourced development and maintenance of various information systems for client companies is one of the Group’s core businesses. As system development becomes more sophisticated, complex, and subject to tighter time constraints, larger-than-expected costs may be incurred if additional work is required to secure the planned level of quality or if a project cannot be completed on schedule. These increased costs and the possibility of claims for damages from clients etc. could impact the Group’s business and operating results.
The Group has therefore developed its own original “Trinity” quality management system based on the ISO 9001 standard. Using this system, we are continually enhancing quality management and raising productivity by using dedicated organizations to thoroughly screen business proposals and review projects at each stage of development. In addition, we have established the Group Quality Executive Meeting to lead our efforts to improve quality and promote production innovation measures throughout the Group while also enhancing management and technological capabilities by strengthening training programs for each employee rank.
Meanwhile, some systems development tasks are being outsourced to domestic and overseas business partners for reasons such as securing production capacity, raising productivity, and utilizing technical capabilities. If the productivity or quality do not meet expectations, smooth project management may not be realized and the Group’s business and operating results, etc. may be impacted.
We therefore seek to secure superior business partners in Japan and overseas. That effort includes regular meetings with and questionnaire surveys of our partners so that we fully understand their situation and are able to build strong relationships.
b. System operation
The Group uses data centers and other large IT facilities to provide its outsourcing business and cloud services business. If system problems arise due to human error or equipment malfunctions during system operation and the Group is unable to provide services at the level agreed upon with the client, the Group’s business and operating results, etc. may be impacted.
We have therefore developed a system maintenance/operation framework based on ITIL (Information Technology Infrastructure Library) practices and are using this framework to direct our constant efforts to improve system operation quality and to establish and strengthen measures for early detection and confirmation of system failures and measures to reduce and prevent the occurrence of failures.
c. Information security
Through its wide-ranging business activities on behalf of clients, from system development to operation, the Group is in a position to handle various types of confidential information, including personal information held by clients and information about their systems’ technologies, etc. If such confidential information were to be leaked or manipulated due to a computer virus, unauthorized access, or other reason, the Group’s business and operating results, etc. could be impacted by claims for damages from client companies and by a loss of trust in the Group’s services. And with the Internet having become part of the social infrastructure and various forms of information easily spreading in an instant, the range of users has expanded and convenience increased. However, the risk of information leakage due to cyberattacks and other unauthorized external access is also increasing, and if information is leaked, the Group’s business and operating results, etc. could be impacted by claims for damages from clients and by a loss of trust in the Group’s services.
The Group has therefore established an information management system based on its Information Security Policy. The system is contributing to appropriate information management while also assisting our efforts to raise awareness through employee education and training programs. In addition, we apply the Group’s information security promotion guidelines to guide our checks and evaluation of the levels of information security management across the entire group, as well as subsequent promotion of improvement measures. When an information security breach does occur, we take responsibility and establish an investigative committee to look into the cause, implement countermeasures, and prevent recurrence. This fiscal year we renewed our SOC (Security Operation Center) and SIEM (Security Information and Event Management), and have promoted the implementation of a companywide and group wide zero-trust environment.
Regarding the personal information the Group handles, we have established an information management system based on Japan’s Act on the Protection of Personal Information and regulations on the handling of Individual Numbers and information about specific individuals. We are also conducting education and training programs for employees to thoroughly raise their awareness of the importance of protecting personal information. These efforts are contributing to more appropriate handling of personal information, including stronger management of client information. And we are implementing security measures using a zero-trust security model to address the diversification of workplaces with the full-scale implementation of working from home. Furthermore, TIS and other Group companies have obtained Information Security Management System (ISMS) certification and the JIPDEC’s PrivacyMark.
d. Legal systems, compliance
The Group conducts its various business activities in compliance with laws and regulations in Japan and other countries. If the Group were to contravene a law or regulation, or a new law or regulation were introduced, the Group’s business and operating results, etc. could be affected. In addition, in the event of discrimination or harassment, should there be a reduction in productivity, an increase in costs, and/or a decline in employee engagement, the Group's business and operating results may be affected.
The Group therefore has established a compliance structure based on its Basic Direction on Corporate Sustainability and Group Compliance Declaration, and it works to educate all employees regardless of employment status and comply with all laws in an endeavor to conduct its business activities fairly. In accordance with the Group’s compliance regulations, important compliance issues for the entire Group are discussed, measures to prevent recurrence are decided, and the status of the implementation of these measures is then monitored in an effort to ensure their adoption throughout the Group. One such measure is the tightening of regulations on contracted work and temporary staffing, an important issue for the Group because of the transactional nature of the IT services industry. We are working on a dedicated risk management system and the creation of group guidelines and independent inspection checklists that will contribute to the appropriate operation of the system. In addition, to prevent illegal activities and detect and correct them at an early stage, we have introduced a whistle-blowing system and established a reporting and consultation desk, thereby raising awareness of legal compliance throughout the Group. Furthermore, we will conduct education and awareness-raising activities aimed at building good relationships and establishing smooth communication in order to help prevent discrimination and harassment, and will take fair and strict measures in the event that such incidents should occur.
e. Intellectual property rights
The Group’s business activities entail the use of technologies, licenses, business models and various trademarks that may be subject to intellectual property rights. Accordingly, the Group takes great care to ensure that it does not infringe the intellectual property rights of third parties. Nonetheless, if the Group were to infringe another company’s intellectual property right, it could be presented with an injunction and a claim for damages. In such a case, the Group’s business and operating results, etc. could be impacted.
To prevent such an event, the Group is strengthening its framework for preventing violations of intellectual property rights and is conducting education and training programs to raise employees’ awareness of this issue. Meanwhile, the Group also regards its own intellectual property as an important management resource and takes all necessary means to protect this valuable resource.
f. Climate change
In response to climate change, companies are gradually becoming more committed to, and responsible for, both mitigation involving reducing greenhouse gas emissions and adaptation involving reducing the adverse effects of climate change, and as a result, there is a growing demand to promote the use of renewable energy in business and corporate activities. Therefore, if the Group's energy costs are significantly impacted by fluctuations in demand for renewable energy, or if the Group's transition to renewable energy is delayed, the Group's business and operating results may be affected.
The Group has therefore endorsed the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD), carries out continuous assessments in accordance with the TCFD recommendations framework, and discloses the results to the public to explain our efforts to help mitigate climate change.