Risk Management
Of matters relating particularly to the status of operations and accounts described in the securities report, major risks with the potential to exert significant impact on consolidated business results, financial position and cash flow status (hereinafter referred to as “operating results, etc.”) are presented below.
Note that TIS defines “risk” as “any factor that may hinder realization of the management philosophy, goals and strategies of the Company and the Group by causing economic loss; the interruption, stagnation or suspension of business operations; and/or damage to the Company's credit or brand image.” In addition, groupwide risks are classified into strategic risks, financial risks, hazard risks and operational risks, according to rules on risk management.
Using TIS’ risk management evaluation method, all risks are comprehensively evaluated from the viewpoint of frequency of occurrence and degree of damage caused. However, the nature and degree of the impact that each risk will have on operating results, etc. will vary depending on the nature of each risk event, the likelihood that the risk will emerge, and the timing of that emergence. Since more specific explanations of each risk are difficult, detailed descriptions of the potential damage to operating results, etc. have been omitted.
Note that forward-looking statements presented here are based on information available to management as of the filing date for the annual securities report in Japanese.
The Group follows rules set by TIS for risk management to ensure an accurate understanding of the risks facing the Group and prevent losses from occurring. In accordance with these rules, an executive is appointed to oversee risk management of the entire Group. Also, a risk management department was established to promote development of a risk management system. In addition, TIS formulated a risk management policy for the entire Group and regularly checks the implementation status of measures to control risk. When a Group company becomes exposed to a serious risk, a task force is set up and appropriate measures are taken to minimize damage.
As for the status of the risk management system, TIS promotes various measures to maintain and improve groupwide internal controls, according to a basic policy and various regulations regarding the internal control system, and also monitor the status of internal control system development and application and support a process for reporting the outcome of discussions by the Group Internal Control Committee to the Board of Directors.
<Risk Assessment Process>
Risk policies (top risk direction and major risks) prepared by the president of each Group company, based on defined priority risks, as well as risks identified by each division are evaluated. The Group Internal Control Committee examines the risks for the entire Group twice a year, confirming issues related to those risks and evaluating the status of improvement measures, and these matters are reported to the Board of Directors. Based on these reports, initiatives are implemented to strengthen and improve the groupwide internal control system.
<Risk Management Process>
1) Strategic risks
1. Human resources
Human resources are the Group’s most important management resource, and business activities are significantly influenced by the ability of Group companies to secure and develop highly skilled individuals capable of providing specialized, high-value-added services to clients. The Group’s businesses and operating results, etc. may therefore be negatively affected if Group companies cannot secure and develop talented people as planned.
To address this risk, TIS analyzes the impact path related to human capital and pinpoints KPIs linked to human resource strategy perspectives that could affect future finances on a groupwide basis. Management then tracks the status of these KPIs and applies insights gained to expand human capital necessary for business growth. At the same time, management is keen to adopt new workstyles and realize a higher level of job satisfaction among employees, and toward this end, takes steps to attract and keep skilled individuals by creating a corporate culture, human resources structure and office environment that enables a diverse group of people to thrive. This approach is complemented by efforts to reinforce investment in human capital and increase the base component of compensation to retain talent at a level necessary to prevent business growth from turning sluggish due to insufficient staffing. In addition, TIS emphasizes measures related to human resources development, including support for acquiring qualifications and defining a career path, and standardizing training programs.
2. Changes in the market and economy
Our business domains are evolving and, as trends in society continue to shift, the technologies and services required to support society going forward could change considerably. Consequently, if we are slow in identifying the seeds of technology needed in the future, the technologies and services in our business portfolio might become obsolete, which would impair competitiveness. If we are unable to respond appropriately to such changes and our technologies and know-how do become obsolete, we would be unable to provide the high-quality services that our clients have come to expect from us, or else an eroded technological competitive advantage might force us into hotter-than-anticipated price wars. Such situations could have an adverse effect on businesses and operating results, etc.
Therefore, in formulating business plans and setting targets, TIS continuously analyzes conditions in the business environment to better understand market needs, seeks to differentiate the Company and by extension, the Group, from competitors by adding more value to provided services, and tirelessly pursues studies and research into such areas as information technologies as well as production and development technologies. As a result, we are able to select core technologies from a technology portfolio to support sustainable improvement in development competitiveness, promote R&D and deploy the results while also emphasizing productivity innovation activities, enhancing the digital transformation value we provide, and strengthening our response to emerging issues, notably, the appearance of unprofitable projects.
Furthermore, if the Japanese yen depreciates sharply due to economic fluctuations, business performance is expected to deteriorate due to foreign exchange losses. To manage this risk, the Company hedges foreign currency exposures, particularly for large transactions, taking into account volatility and hedging costs.
3. Investments
TIS invests in companies in Japan and overseas, including venture companies, to establish capital and business alliances mainly for the purpose of expanding business, acquiring cutting-edge technologies, and executing mergers and acquisitions. The Company also makes investments in large IT facilities, such as data centers operating 24 hours a day, 365 days a year, which support expansion of outsourcing and cloud services businesses (including continued capital investments to fund initial construction and the stable operation of existing facilities), software needed to promote service-based business, and human capital. Unanticipated changes in the business environment may result in investments failing to yield the expected result or return or make assets obsolete, thereby impacting the Group’s businesses and operating results, etc. In addition, any potential misconduct or system failures by a corporate counterparty immediately after an investment or M&A transaction may result in a loss of credibility and tarnish the brand image of the Group, precipitate lawsuits, and cause other repercussions.
Accordingly, all investment decisions are made after thorough examination of the business plan by either the Board of Directors, the CVC Investment Committee or the Investment Committee, depending on the investment project, and the progress of the business plan is periodically confirmed after investments have been made. In addition, for companies with which we have entered into large-scale capital tie-ups or mergers and acquisitions, we continuously implement necessary measures based on prior verification and examination of the risks involved in their business activities, and dispatch executives to them so that we can quickly ascertain their status.
4. Overseas business
Overseas business may be impacted by various factors, including global economic and foreign exchange trends, legal regulations on investment and competition, local business practices, and labor-management relations. If one of these factors manifests itself in an unanticipated manner, it may impact the Group's businesses and operating results, etc.
As part of its growth strategy, TIS is pursuing capital and business alliances as well as M&A with local companies in overseas markets to achieve expansion of overseas businesses, with a focus on ASEAN countries. In making such investments, the Company conducts detailed investigations on the business performance and financial position of the target company, and after the investment, business promotion and corporate planning business units work together to conduct monitoring and report periodically to the Board of Directors.
Additionally, the Company is dispatching personnel to operating companies, and promoting efforts to strengthen the governance of overseas subsidiaries and affiliates led by the Global Financial Planning Office, a dedicated body established within the Company.
5. Human rights
The Group’s business activities may have a direct or indirect negative impact on certain stakeholders. The occurrence and disclosure of such events could result in damaging the reputation and credibility of TIS and/or the Group, and could affect businesses and operating results, etc.
The human rights policy set by TIS for the Group is based on the Guiding Principles on Business and Human Rights adopted by the United Nations Human Rights Council in June 2011. Furthermore, by promoting human rights due diligence in line with this policy, TIS is committed to taking appropriate measures to identify and correct at an early stage any negative impacts of the Group’s business activities on society. The progress of these efforts is appropriately disclosed on the Company’s website.
6. Geopolitical risks
Newly emerging international pressures, exchange rate trends, trade issues, or effects on procurement costs due to warfare, civil strife, political upheaval, revolution, terrorism, rioting and other events, may impact the Group's businesses and operating results, etc.
When such events occur, TIS will promptly ascertain the impact on the Group and quickly engage in activities to prevent losses due to each risk. In addition, TIS has developed a Business Continuity Plan (BCP) for the Group that includes crisis response for expatriates and what to do when offshore transactions are interrupted.
7. Reputational risk
If risks are not properly managed and have a negative impact on society, or if the Company is associated with any negative impact that other companies have had on society, the situation could lead to a loss of trust and tarnished brand image, which has the potential to cause the interruption, stagnation or cessation of business, or a loss of clients or business partners. Issues related to corporate governance, business and human rights, environmental impact, compliance, quality, and information security are particularly relevant to reputational risk. Management believes that this risk increases in proportion to expansion of the Company's business and higher name recognition, and that if the Company fails to manage risk promptly, even an incident that occurs at a subsidiary could spread to the entire Group. Therefore, in order to respond promptly to this risk, TIS has established a cross-group escalation system and prepared a response manual for use should a crisis arise.
8. Technological innovation
Technological innovation has the power to dramatically change approaches to problem-solving and client and social issues, so a delay in responding to technological innovation could impair competitiveness of TIS and the Group as a whole. Recent advances in AI-related technologies, such as generative AI, could have a particularly significant impact on our business. For this reason, we are keen to develop human resources with expertise in generative AI technology and encouraging wider application of generative AI technology.
2) Financial risks
1. Securities held
Some companies under the TIS INTEC Group umbrella buy and hold equity in suppliers and other business partners where such investments are thought to underpin stable alliances and cooperative relationships that lead to new business opportunities and support sustainable growth of the Group and enhance its medium- and long-term corporate value. TIS also invests in bonds as part of its short-term surplus fund management operations. However, businesses and operating results, etc. may be impacted if sharp fluctuations in the market prices of these marketable securities or deterioration in the business status of the issuing entities requires TIS to book accounting losses or apply some other accounting treatment.
Accordingly, TIS carefully confirms the safety of these securities by thoroughly examining issuer-related financial status, performance trends, credit ratings and other relevant indicators. In addition, TIS regularly reviews the suitability of continuing to hold the securities and reduces them if continued holding presents little significance.
3) Hazard risks
1. Pandemics (the global spread of infectious and communicable diseases)
A pandemic that restricts operations in domestic and overseas markets and significantly impacts production activities by employees within the Group and at business partner companies has the potential to adversely affect the Group’s businesses and operating results, etc.
For this reason, TIS has a BCP in place for use should a pandemic occur.
2. Natural disasters and accidents
The likelihood of natural disasters, including floods, occurring in unconventional locations and at greater frequency is increasing due to global warming, and large-scale natural disasters and the accompanying longer-than-expected power outages could affect outsourcing and cloud services businesses, based out of large-scale IT facilities, such as data centers operated by Group companies.
In response, TIS evaluated risk using the Taskforce on Nature-related Financial Disclosures framework. In addition, in accordance with the business continuity plan, Group companies that operate large-scale facilities are being encouraged to prepare various equipment environments conducive to data center response in types of disaster scenarios. In addition, TIS has gradually been closing older data centers and focusing on the development of state-of-the-art data centers with seismic-isolation structures, robust disaster-mitigation equipment, emergency power generators, fuel storage equipment and other highly reliable electric power equipment, complemented by contracts for prioritized power supply. In addition, TIS will establish a basic DC-BCP and continue to conduct operational inspections and implement preventive measures against the recurrence of system failures.
4) Operational risks
1. System development
Outsourced development and maintenance of various information systems for client companies is one of the Group’s core businesses. As system development becomes more sophisticated, complex and subject to tighter time constraints, larger-than-expected costs may be incurred if additional work is required to secure the planned level of quality or if a project cannot be completed on schedule. These increased costs and the possibility of claims for damages from clients or other situations could impact the Group’s businesses and operating results, etc.
Therefore, TIS developed Trinity, an original quality management system based on the ISO9001 standard. Using this system, a dedicated team carefully screens business proposals and executes a thorough review of projects at each stage of development to underpin ongoing efforts to enhance quality management and raise productivity. In addition, TIS established the Group Quality Executive Meeting to lead efforts to improve quality and promote production innovation measures throughout the Group while also enhancing management and technological capabilities by strengthening training programs for each employee rank. TIS continues to update "Trinity" to keep pace with the latest trends.
Meanwhile, some system development tasks are being outsourced to domestic and overseas business partners for reasons such as securing production capacity, raising productivity and utilizing technical capabilities. It may be difficult to achieve smooth project management if productivity or quality do not meet expectations, and the Group’s businesses and operating results, etc. may be impacted.
Therefore, we seek to secure superior business partners in Japan and overseas. That effort includes regular meetings with and questionnaire surveys of our partners so that we fully understand their situation and are able to build strong relationships.
2. System operation
TIS relies on data centers and other large IT facilities to provide outsourcing and cloud services. If system problems arise due to human error or equipment malfunctions during system operation and facilities are unable to provide services at the level agreed upon with the client, businesses and operating results, etc. may be impacted.
TIS has therefore developed a system maintenance/operation framework based on ITIL (Information Technology Infrastructure Library) practices and is using this framework to constantly improve system operation quality and to establish and strengthen measures for early detection and confirmation of system failures and measures to reduce and prevent the occurrence of failures.
3. Information security
In the course of executing wide-ranging business activities, from system development to operation, TIS and other members of the Group are privy to various types of confidential information, including personal information held by clients and information about the technologies used in their systems. If such confidential information is leaked or tampered with, the Group's businesses and operating results, etc. could be impacted by claims for damages from client companies and by a loss of trust in the Group's services. Meanwhile, with the Internet now a part of the social infrastructure and various forms of information easily and instantly accessible, the range of potential users has expanded and convenience has increased. However, the risk of accidents and system failures due to unauthorized external access is growing. If TIS fails to respond appropriately to such a situation, its businesses and operating results, etc. could be impacted by claims for damages from clients and by a loss of trust in the Group's services.
Therefore, TIS established an information management system based on its Information Security Policy. The system contributes to appropriate information management while also assisting efforts to raise awareness through employee education and training programs. In addition, TIS applies the Group's information security promotion guidelines to guide its checks and evaluation of the levels of information security management across the entire group, as well as subsequent promotion of improvement measures. When an information security breach does occur, TIS takes responsibility and launches an investigative committee to look into the cause, implement countermeasures and prevent recurrence.
Regarding personal information handled by Group companies, TIS established a group-level information management system based on Japan's Act on the Protection of Personal Information, Individual Numbers, and Rules for Handling Specific Personal Information. We also take all necessary security control measures by regularly confirming compliance with the Act on the Protection of Personal Information. In addition, we strive to maintain appropriate operations by instilling in our employees a deep awareness of the importance of protecting personal information through education and training programs. We are also implementing security measures using a zero-trust security model to address the diversification of workplaces paralleling full-scale application of telecommuting. Also of note, TIS and other Group companies have obtained Information Security Management System (ISMS) certification and JIPDEC's PrivacyMark.
Additionally, TIS defined a groupwide CSIRT (Computer Security Incident Response Team) system to respond to cyber attacks and share information at the Group Security Promotion Meeting, and also operates "TIS-CSIRT" as an in-house CSIRT for early detection of incidents and quick and accurate emergency response. Complementing these systems, TIS collects, analyzes and disseminates a wide range of security-related information, including the latest attack methods and incidents, and also monitors communications, responds to emergencies, and coordinates efforts with external parties. Going further still, TIS created an IT-BCP as a countermeasure in the event of an emergency, and conducts regular drills.
4. Legal systems, compliance
The Group is engaged in various businesses, and activities are conducted in compliance with respective laws and regulations in Japan and other countries. If a member of the Group were to contravene a law or regulation, or a new law or regulation were introduced, the Group’s businesses and operating results, etc. could be affected. In addition, in the event of discrimination or harassment, should there be a reduction in productivity, an increase in costs, and/or a decline in employee engagement, the Group’s businesses and operating results, etc. could be affected.
Therefore, TIS established a compliance structure based on its Basic Direction on Corporate Sustainability and Group Compliance Declaration. Throughout the Group, we strive to educate all employees regardless of employment status and comply with all laws to ensure that business activities are conducted fairly. In accordance with groupwide compliance regulations, important compliance issues for the entire Group are discussed, measures to prevent recurrence are decided, and the status of the implementation of these measures is then monitored in an effort to ensure adoption and adherence throughout the Group. One such measure is the tightening of regulations on contracted work and temporary staffing, an important issue for the Group because of the transactional nature of the IT service industry. TIS established a dedicated risk management system and has also prepared an Operation Manual for Proper Contracted Work and Temporary Staffing to ensure appropriate operation of the system. In addition, to prevent illegal activities and detect and correct them at an early stage should they arise, TIS introduced a whistle-blowing system and established a reporting and consultation desk, thereby raising awareness of legal compliance throughout the Group. Furthermore, TIS will conduct education and awareness-raising activities aimed at building good relationships and establishing smooth communication to help prevent discrimination and harassment, and will apply fair and strict measures in the event such incidents do occur.
5. Intellectual property rights
The Group’s business activities entail the use of technologies, licenses, business models and various trademarks that may be subject to intellectual property rights. Accordingly, TIS takes great care to ensure that no member of the Group infringes on the intellectual property rights of third parties. Nevertheless, if a member of the Group were to infringe upon another company’s intellectual property rights, it could be presented with an injunction and a claim for damages. In such a case, the Group's businesses and operating results, etc. could be impacted. To prevent such an event, TIS is strengthening its framework for preventing violations of intellectual property rights and is conducting education and training programs to raise employees' awareness of this issue. Meanwhile, TIS also regards its own intellectual property as an important management resource and takes all necessary means to protect this valuable resource.
6. Climate change
In response to climate change, companies are gradually becoming more committed to, and responsible for, both mitigation involving reducing greenhouse gas emissions and adaptation involving reducing the adverse effects of climate change, and as a result, there is a growing demand to promote the use of renewable energy in business and corporate activities. Therefore, if groupwide energy costs are significantly impacted by fluctuations in demand for renewable energy, or if the Group's transition to renewable energy is delayed, the Group's businesses and operating results, etc. may be affected.
Therefore, TIS endorsed the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD), carries out continuous assessments in accordance with the TCFD recommendations framework, and discloses the results to the public to explain efforts to help mitigate climate change.