Internal Controls
Basic Concept and Status of Implementation and Operation of Internal Control System
Basic Concept
Sojitz has been working on implementing and maintaining our internal control systems on a Group-wide basis. The “Basic policy regarding the establishment of systems for ensuring appropriate execution of Sojitz Group business operations” was resolved by the Board of Directors on April 24, 2015, based on the Companies Act and Ordinance for the Enforcement of the Companies Act of Japan.
|
|
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Status of Implementation and Operation in the year ended March31,2022
Overall Internal Control System
The Internal Control Committee, which is an executing body under the management of the President, consolidates and monitors the status of implementation and operation of the Internal Control System, and leads maintenance and improvement of our internal control systems.
(Overview of operational status)
The Internal Control Committee oversees the implementation and enforcement of the overall internal control system, as well as conducts periodic monitoring. The Committee also identifies issues and considers countermeasures related to the internal systems and frameworks, points out these issues to the relevant departments, and makes improvements. In addition, the Committee monitors progress on assessments of internal controls with regards to financial reporting, based on the Financial Instruments and Exchange Act, thereby working to ensure the reliability of financial reporting. Each committee (Compliance Committee, Sustainability Committee, etc.), subcommittee (Information Security Subcommittee, which was reorganized into a committee in April 2022) and working group (the Disclosure Working Group, the Business Continuity Management Working Group) discuss specific initiatives for their area of expertise.
The Internal Control Committee met six times during the fiscal year ended March 31, 2022, and reported the details of these meetings to the Board of Directors.
With a view to further disseminating and sharing important information including those concerning the establishment and revision of rules and guidelines of the Sojitz Group and precautions, Sojitz continued its regular distribution of the “Internal Control Bulletin,” a summary of key information, to all Group companies in Japan and overseas.
Compliance
Sojitz has established a “Sojitz Group Compliance Program,” which sets out procedures for achieving thorough compliance, and have also formulated a “Sojitz Group Code of Conduct and Ethics,” which provides common criteria for conduct that applies to Group officers and employees globally.
The Compliance Committee, chaired by the Chief Compliance Officer (CCO), leads the establishment of systems for promoting compliance with laws and regulations and corporate ethics at Group companies and overseas bases, such as appointing compliance supervisors and forming compliance committees.
To help prevent or quickly detect compliance violations, Sojitz has a hotline (internal reporting system) that provides access to the CCO and outside legal counsel; a consultation desk where the Compliance Committee Secretariat members can be contacted; and the multi-lingual Sojitz Ethics Hotline, which is available 24 hours a day, 365 days a year. These systems are made known to all Sojitz Group officers and employees. In addition, a point of contact for external parties concerning the compliance of Sojitz has been established on the website of Sojitz, to collect any reports from outside of the Company.
To prevent corruption, Sojitz has also established the “Sojitz Group Anti-Corruption Policy” and the “Guidelines for Sojitz Group Anti-Corruption Policy,” and has introduced corresponding rules at overseas local subsidiaries as well as Group companies in Japan and overseas.
In addition, Sojitz became the first Japanese company to acquire the ISO 37001 certification, an international standard for anti-bribery management systems.
Furthermore, Sojitz formulated the Sojitz Group Basic Policy on Sanctions and Export Controls, in an effort to develop a safeguard structure against the risks associated with the violations of sanctions and export controls in Japan and overseas.
With regard to paid leave and medical checkup for employees, Sojitz has encouraged them to actively take paid leave and receive checkup, by improving work efficiency and fostering such workplace culture. Sojitz strived to thoroughly monitor the progress in order to ensure the fulfillment of legal obligations.
In addition, in expanding the business around the world, the Group has established the “Sojitz Group Tax Policy” regarding observance of tax compliance, optimization of tax costs, and relationships with tax authorities, and strived to fulfill its tax obligations in a timely and appropriate manner.
Sojitz has continued educational activities useful for business practice to ensure legal compliance and maintain a good working environment free of any kind of harassment, such as providing educational opportunities including e-learning.
(Overview of operational status)
Based on the action plan formulated by the Compliance Committee, Sojitz continues to provide counsel on how to prevent compliance issues from reoccurring, as well as providing assistance and guidance to Group companies on how to practice said Code of Conduct.
- Specific activities related to compliance in the fiscal year ended March 31, 2022, included the following:
- ・Meetings of the CCO with Chief Operation Officers of business divisions and presidents of Group companies
- ・Regular liaison meetings among the compliance staff of Group companies
- ・Regular liaison meetings with the compliance staff of overseas operating sites
- ・Trainings, seminars and briefings on important issues concerning the prevention of harassment and corruption
- ・Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
- ・Alert letters for eradication of harassment and scandals caused by consumption of alcohol
- ・Individual support for Sojitz’s domestic operating companies through a risk-based approach to enhance the compliance system (cooperation in investigations, tailored trainings, etc.)
- ・Revision of the “Sojitz Group Code of Conduct and Ethics” (revised on April 1, 2022, and to be continuously revised by the Group companies).
The Compliance Committee met a total of four times, once in each quarter, during the fiscal year ended March 31, 2022.
With regard to security trade control, based on the action plans formulated by the Security Trade Control Committee, the committee secretariat is engaged in activities for preventing violations of sanctions and export controls while providing support and guidance to the Group companies.
Specific activities carried out in the fiscal year ended March 31, 2022, included the following:
- ・Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
- ・Support for the revision and formulation of local security trade control-related regulations at overseas operating sites
- ・Held two meetings of the Security Trade Control Committee
- ・Support for responding to measures in concert with strengthened sanctions and others, due to changes in the security situation (including deterioration of U.S.-China relations, military coup d’état in Myanmar, and Russia's invasion of Ukraine, etc.)
Risk Management
Sojitz has designated categories of business activity risk based on the “Basic rules of corporate risk management,” has assigned officers responsible for each kind of risk, and has formulated the “Risk Management Policy and Plan” in order to deal with the various risks facing general trading companies today. By implementing a PDCA cycle with regards to formulating, executing, monitoring and summarizing the Risk Management Policy and Plan, Sojitz strives to secure its sustainability and further improve the risk management system.
(Overview of operational status)
Sojitz identifies risks in the entire Company and conducts periodic review on major risks through evaluations of the degree of materiality. The Group has currently identified twelve major risks and, in line with characteristics of those risks, has established the “Risk Management Policy and Plan.”
The “Risk Management Policy and Plan” is resolved by the Board of Directors, and the Internal Control Committee deliberates whether it is operating properly, issuing a report to the Board of Directors quarterly. Additionally, in the event that it becomes necessary to make everyone at Sojitz aware of measures to counter changes in the business environment, or if new risks require new responses, such situations are dealt with upon making the necessary reports to the management on the issues and the status of responses.
Among the twelve risk categories, for quantifiable risks such as market risk, credit risk, business investment risk and country risk, risk assets are measured on a quarterly basis. As for the risks that are difficult to quantify such as funding risk, environmental and social (human rights) risk, compliance risk, legal risk, system and information security risk, disaster risk, risks concerning the delivery of corporate information via websites and SNS, and quality-related risk, Sojitz continuously monitors them in a PDCA cycle.
Given the expansion and diversification of our business fields, in the year ended March 31, 2022, Sojitz has set up the Quality Management Committee and formulated the Sojitz Group Quality Management Policy as a basic policy for the Group’s quality management, in an effort to strengthen its response to quality-related risks.
Sojitz continues to conduct ongoing education programs through a variety of risk management training, in order to firmly establish a risk management mindset among Sojitz Group officers and employees.
Click here for “Risk Management”.
Management of Group Companies
Each Group company has a management system based on the management system for Group companies’ business operations defined in the “Basic Rules of Group Management” and the “Group Management Administration Regulations.” The status of each system is monitored on a periodic basis.
In addition, Directors monitor business management of Group companies through the business division or corporate department staff who supervise these companies, or else the Directors, Audit & Supervisory Board Members, and others dispatched to Sojitz Group companies.
(Overview of operational status)
Through the Directors and the Audit & Supervisory Board Members dispatched to each Group company, Sojitz manages and supervises Group companies, ensuring that they have established an appropriate management foundation and corporate governance and that these are working correctly. Sojitz also receives regular reports, including annual business reports and monthly operating activity reports. As for the most important matters at Group companies, execution of the most important business requires advance consultation with Sojitz to ensure appropriate management.
Additionally, in order to promote Group management, Sojitz has the business division or corporate department staff supervising Sojitz Group company explain Sojitz Group’s management philosophy, as well as make efforts to publicize our management philosophy and policies during training sessions for Group companies’ officers and employees.
Based on an audit plan adopted by the Board of Directors and under the supervision of the Internal Audit Committee, the Internal Audit Department of the Company conducts audits to investigate whether organizational governance, risk management, and internal controls are functioning appropriately in the Group companies. The Internal Audit Department also makes proposals for effective improvements to prevent losses and solve issues.
As part of the Group’s efforts to further enhance the corporate governance of Group companies, in order to improve the effectiveness of the Board of Directors at each Group company, the “Guidance for management of the Board of Directors” has been formulated, and the operating status of the Board of Directors at each company has been monitored and reported regularly to the Management Committee and the Board of Directors at Sojitz.
In addition, trainings for Directors of Group companies are provided on a yearly basis and additional trainings are separately provided for newly appointed Directors and Audit & Supervisory Board Members.
Management and Storage of Information
With respect to handling of important documents related to execution of duties such as the minutes of Board of Directors meetings, the responsible department shall appropriately manage such documents according to the retention period required by law based on guidelines including the internal rules for document retention, and shall make such documents available for viewing as necessary. As for the information related to business execution, a system is in place to monitor the status of operation by establishing rules that define the classification and confidentiality of the information. In addition, Sojitz has created the position of the Chief Information Security Officer (CISO) in the year ended March 31, 2022, for further strengthening information security system.
(Overview of operational status)
With respect to information related to business execution, Sojitz regularly reviews the classification, management methods, and retention period of information as stipulated in the internal regulations, and makes efforts to ensure proper management. In addition, the Group has formulated guidelines on specific methods for the management and operation of information that requires particularly strict control, which is defined as “information requiring specific management,” and has investigated the status of holding such information and provided instructions for improvement as necessary. Furthermore, the Group has continuously endeavored to bolster security measures, such as countermeasures against cyberattacks that are becoming increasingly advanced and sophisticated. Especially for the fiscal year ended March 31, 2022, which saw a certain establishment of remote work as a working style, the Group focused on security measures, such as introducing software to minimize the impacts of cyberattacks by detecting them at an early stage, and expanding provision of trainings to handle suspicious e-mails to domestic and overseas subsidiaries.
Click here for “Information Management”.
Arrangements to ensure effective auditing by the Audit & Supervisory Board Members
In terms of reporting to Audit & Supervisory Board Members, Sojitz has adopted a system which, in addition to the reports by the Directors, reports matters required for auditing in a timely manner, such as reporting on Group-wide matters by various committees, including the Internal Control Committee and the Compliance Committee, as well as the Internal Audit Department, and business reports from the consolidated subsidiaries. Additionally, relevant regulations provide that persons who report to the Audit & Supervisory Board Members will not receive disadvantageous treatment on account of having made the report.
For accounting audits, Audit & Supervisory Board Members receive explanations on the audit plan and regular reports on the audit status from the Accounting Auditor, share information with each other, and establish a system enabling efficient audits. Additionally, Audit & Supervisory Board Members monitor and verify whether the Accounting Auditor maintains its independence and constantly evaluate the status of quality management of audits.
(Overview of operational status)
Audit & Supervisory Board Members receive reports in a timely fashion and set interviews regularly in addition to exchange of opinions conducted between the Audit & Supervisory Board Members and Directors as well as the Audit & Supervisory Board Members and the Accounting Auditor.
Furthermore, for the fiscal year ended March 31, 2022, Sojitz conducted audits through remote auditing by utilizing a web conferencing system and communicating sufficiently with domestic and overseas consolidated subsidiaries even amid the continuing COVID-19 pandemic.