Sojitz Corporation

CLOSE

Internal Controls

Basic Concept and Status of Implementation and Operation of Internal Control System

Basic Concept

Sojitz has been working on implementing and maintaining our internal control systems on a Group-wide basis. The “Basic policy regarding the establishment of systems for ensuring appropriate execution of Sojitz Group business operations” was resolved by the Board of Directors on April 24, 2015, based on the Companies Act and Ordinance for the Enforcement of the Companies Act of Japan.

 

  • i) Retention and management of information relating to the execution of the Company Directors’ duties
  • -With respect to important documents relating to the execution of duties by Directors of the Company, such as the minutes of Board of Directors meetings and approval documents, a retention period that is equal to the period required by the relevant law or regulation shall be prescribed in accordance with the Board of Directors rules and the internal rules for document retention and information management. The department in charge of such retention shall also be designated, and documents shall be made available for view as necessary.
  • ii) System to ensure compliance by Company Directors and employees with laws and regulations and the Articles of Incorporation in execution of duties
  • -The Sojitz Group Compliance Code of Conduct and Ethics and the manual for its implementation shall be established, as well as the Sojitz Group Compliance Program to ensure that Directors and employees comply with laws and regulations, the Articles of Incorporation, and internal rules.
  • -In order to fully achieve understanding of and compliance with amendments of laws and regulations relating to the Group’s operations, the reinforcement and improvement of the legal compliance system centering on the Compliance Committee shall be promoted. Also, the separation of duties by departments and the supervisors in charge of Group companies shall be clarified.
  • -Sojitz shall ensure that the Group does not enter into any business or other relationship with anti-social forces, and shall resolutely reject any improper request, taking legal measures if necessary.
  • iii) Rules and other systems regarding management of loss risks of the Company and its subsidiaries
  • -In order to prevent, or when impossible to prevent, to minimize economic losses of the Group, various potential risks for economic losses both inside and outside the Company including credit risks, business investment risks, market risks and disaster risks shall be analyzed and categorized. The Company shall establish internal rules or manuals, and assign a department for managing the risks in each category.
  • -The effectiveness of internal rules and handling procedures shall be periodically reviewed and improved. Furthermore, in the event that a new type of risk emerges in the Group due to changes in the business environment, a person and/or department to be responsible shall be promptly appointed, and appropriate internal rules with regard to the new risk shall be prescribed.
  • iv) System to ensure efficiency in execution of duties by Directors of the Company and its subsidiaries
  • -The responsible fields or departments of each Director and Executive Officer of the Company and the responsibility of each of its departments shall be made clear, as well as chains of command, scopes of authority and decision-making rules.
  • -In the Board of Directors rules, important matters requiring resolutions of the Board of Directors shall be clearly prescribed and the Management Committee and other committees to deliberate and decide other important matters shall be convened. Also, matters to be reported to the Board of Directors shall be set forth in the Board of Directors rules.
  • -A department to oversee the management structure of the Group and ensure the sound management of Group companies shall be established.
  • -Top management policy of the Group shall be promptly announced to all Directors and employees of the Group companies through the Management Committee, Corporate Planning Department or the supervisor in charge, and through other oral and written methods.
  • -Group management shall be promoted by preparing a management plan on a consolidated basis and by sharing management objectives and management indices within the Group.
  • v) System for reporting the execution of duties by Directors of subsidiaries to the Company and other systems for proper business operations in the Company and its Subsidiaries
  • -The supervisors in charge who manage the Group companies as prescribed in the Basic Code of Group Management shall be designated. The supervisors in charge must request prior consultation with the Group companies regarding important matters, and must report to the Company regularly on the business report, operating activity reports, and other reports.
  • -The Company shall review and develop the business processes of each Group company in light of internal controls relating to consolidated financial reporting.
  • -The Audit Department of the Company shall conduct internal audits on the Group companies, and ensure the proper conduct of their business operations.
  • vi) Employees assisting Audit & Supervisory Board Members of the Company and their independence from Directors, and the system to ensure efficiency of instructions to these employees from the Audit & Supervisory Board Members of the Company
  • -The Audit & Supervisory Board Members Office shall be established to assist Audit & Supervisory Board Members and assign the necessary employees.
  • -These employees shall work under the direction of the Audit & Supervisory Board Members of the Company, and their performance evaluations and personnel changes shall require the consent of the Audit & Supervisory Board Members of the Company.
  • vii) Reports to Audit & Supervisory Board Members
  • -The Board of Directors rules shall include a rule that requires any Director of the Company to immediately report to Audit & Supervisory Board Members of the Company when he/she learns of a fact that may cause significant damage to the Company.
  • -The department in charge of the internal reporting system of the Group shall report regularly to Audit & Supervisory Board Members of the Company on the status of the internal report from Directors and employees of the Group through the Compliance Committee or other body.
  • -The Audit Department of the Company shall provide Audit & Supervisory Board Members of the Company with a copy of the internal audit report upon completion of each internal audit.
  • -The Audit & Supervisory Board of the Company shall be entitled to request a report from the Accounting Auditor, a Director or other relevant person, as it deems necessary.
  • viii) System for ensuring that a person who reports to Audit & Supervisory Board Members of the Company will not receive disadvantageous treatment as a result
  • -A Director or employee of the Group shall not be treated disadvantageously because he/she makes a report through the internal reporting system or other methods (including reports to Audit & Supervisory Board Members of the Company and others).
  • ix) Other arrangements to ensure efficient auditing by the Audit & Supervisory Board Members of the Company
  • -Expenses deemed necessary shall be paid by the Company, keeping in mind the efficiency and appropriateness of audits by Audit & Supervisory Board Members.
  • -One or more of the Audit & Supervisory Board Members of the Company shall attend every meeting of the Board of Directors of the Company and express opinions as necessary. They may also attend the Management Committee and other important meetings of the Company, directly observing the discussions and reporting on important matters.
  • -Representative Directors shall regularly meet with Audit & Supervisory Board Members and exchange opinions on key issues, as well as on the conditions of and important issues relating to audits by Audit & Supervisory Board Members.

Status of Implementation and Operation in the year ended March31,2023

Overall Internal Control System

The Internal Control Committee, which is an executing body under the management of the President, consolidates and monitors the status of implementation and operation of the Internal Control System, and leads maintenance and improvement of our internal control systems.

(Overview of operational status)
The Internal Control Committee oversees the implementation and enforcement of the overall internal control system, as well as conducts periodic monitoring. The Committee also identifies issues and considers countermeasures related to the internal systems and frameworks, points out these issues to the relevant departments, and makes improvements. In addition, the Committee monitors progress on assessments of internal controls with regards to financial reporting, based on the Financial Instruments and Exchange Act, thereby working to ensure the reliability of financial reporting. Each committee (Compliance Committee, Sustainability Committee, Security Trade Control Committee, Quality Management Committee, DX Promotion Committee, and Information and IT System Security Committee) and working group (the Disclosure Working Group, the Business Continuity Management Working Group) discuss specific initiatives for their area of expertise.

The Internal Control Committee met five times during the fiscal year ended March 31, 2023, and reported the details of these meetings to the Board of Directors.

With a view to further disseminating and sharing important information including those concerning the establishment and revision of rules and guidelines of the Sojitz Group and precautions, Sojitz regularly distributes the “Internal Control Bulletin,” a summary of key information, to all Group companies in Japan and overseas.

Compliance

Sojitz has established a “Sojitz Group Compliance Program,” which sets out procedures for achieving thorough compliance, and have also formulated a “Sojitz Group Code of Conduct and Ethics,” which provides common criteria for conduct that applies to Group officers and employees globally.

The Compliance Committee, chaired by the Chief Compliance Officer (CCO), leads the establishment of systems for promoting compliance with laws and regulations and corporate ethics at Group companies and overseas bases, such as appointing compliance supervisors and forming compliance committees.

To help prevent or quickly detect compliance violations, Sojitz has a hotline (internal reporting system) that provides access to the CCO and outside legal counsel; a consultation desk where the Compliance Committee Secretariat members can be contacted; and the multi-lingual Sojitz Ethics Hotline, which is available 24 hours a day, 365 days a year. These systems are made known to all Sojitz Group officers and employees. In addition, a point of contact for external parties concerning the compliance of Sojitz has been established on the website of Sojitz, to collect any reports from outside of the Company.

To prevent corruption, Sojitz has also established the “Sojitz Group Anti-Corruption Policy” and the “Guidelines for Sojitz Group Anti-Corruption Policy,” and has introduced corresponding rules at overseas local subsidiaries as well as Group companies in Japan and overseas.

In addition, Sojitz became the first Japanese company to acquire the ISO 37001 certification, an international standard for anti-bribery management systems. To internally leverage the know-how that was cultivated in the process of acquiring and maintaining the certification, the Company is considering the inception of a new structure.

Furthermore, Sojitz formulated the Sojitz Group Basic Policy on Sanctions and Export Controls, in an effort to develop a safeguard structure against the risks associated with the violations of sanctions and export controls in Japan and overseas.

With regard to paid leave and medical checkup for employees, Sojitz has encouraged them to actively take paid leave and receive checkup, by improving work efficiency and fostering such workplace culture. Sojitz strived to thoroughly monitor the progress in order to ensure the fulfillment of legal obligations.

In addition, in expanding the business around the world, the Group has established the “Sojitz Group Tax Policy” regarding observance of tax compliance, optimization of tax costs, and relationships with tax authorities, and strived to fulfill its tax obligations in a timely and appropriate manner.

Sojitz has continued educational activities useful for business practice to ensure legal compliance and maintain a good working environment free of any kind of harassment, such as providing educational opportunities including e-learning.

(Overview of operational status)
Based on the action plan formulated by the Compliance Committee, Sojitz continues to provide counsel on how to prevent compliance issues from reoccurring, as well as providing assistance and guidance to Group companies on how to practice said Code of Conduct.

  • Specific activities related to compliance in the fiscal year ended March 31, 2023 included the following:
  • Meetings of the CCO with Chief Operation Officers of business divisions and presidents of Group companies
  • Regular liaison meetings among the compliance staff of Group companies
  • Regular liaison meetings with the compliance staff of overseas operating sites
  • Trainings, seminars and briefings on important issues concerning the prevention of harassment and corruption
  • Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
  • Alert letters for eradication of harassment and scandals caused by consumption of alcohol
  • Individual support for Sojitz’s domestic operating companies through a risk-based approach to enhance the compliance system (cooperation in investigations, tailored trainings, etc.)
  • Revision of the “Sojitz Group Code of Conduct and Ethics” (revised on April 1, 2022, and in the process of revision by the Group companies).

The Compliance Committee met a total of four times, once in each quarter, during the fiscal year ended March 31, 2023.

With regard to security trade control, based on the action plans formulated by the Security Trade Control Committee, the committee secretariat is engaged in activities for preventing violations of sanctions and export controls while providing support and guidance to the Group companies.

Specific activities carried out in the fiscal year ended March 31, 2023, included the following:

  • Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
  • Support for the revision and formulation of local security trade control-related regulations at overseas operating sites
  • Held two meetings of the Security Trade Control Committee
  • Support for responding to measures in concert with strengthened sanctions and others, due to changes in the security situation (including deterioration of U.S.-China relations, military coup d’état in Myanmar, and Russia's invasion of Ukraine, etc.)

Click here for “Compliance”.

Risk Management

Sojitz has designated categories of business activity risk based on the “Basic rules of corporate risk management,” has assigned officers responsible for each kind of risk, and has formulated the “Risk Management Policy and Plan” in order to deal with the various risks facing general trading companies today. By implementing a PDCA cycle with regards to formulating, executing, monitoring and summarizing the Risk Management Policy and Plan, Sojitz strives to secure its sustainability and further improve the risk management system.

(Overview of operational status)
Sojitz identifies risks in the entire Company and conducts periodic review on major risks through evaluations of the degree of materiality. The Group has currently identified twelve major risks (market risk, credit risk, business investment risk, country risk, funding risk, environmental and social (human rights) risk, compliance risk, legal risk, system and information security risk, disaster risk, risk related to sharing company information via the corporate website and social media accounts, and quality-related risk) and, in line with characteristics of those risks, has established the “Risk Management Policy and Plan.”

The “Risk Management Policy and Plan” is resolved by the Board of Directors, and the Internal Control Committee deliberates whether it is operating properly, issuing a report to the Board of Directors quarterly. Additionally, in the event that it becomes necessary to make everyone at Sojitz aware of measures to counter changes in the business environment, or if new risks require new responses, such situations are dealt with upon making the necessary reports to the management on the issues and the status of responses.

The twelve risk categories are further subdivided to track risks in a meticulous and comprehensive manner. The responsible corporate department (in charge of risks) and risk manager (COO) are designated for each risk to evaluate its materiality and to apply a PDCA cycle.

Our basic internal control policy comprises three lines of defense (first line: business divisions; second line: corporate departments; third line: internal audits). Under Medium-term Management Plan 2023, we seek to augment the risk management capabilities of the first and second lines while bolstering our capacity to respond to the risks that might emerge due to our entry into new business fields.

Whenever a new risk is detected during the period, the Company verifies risk countermeasures by ascertaining the company-wide system to address risk and its responses based on the three lines of defense.

To address quality management risks amid the expansion and diversification of our business fields, in the year ended March 31, 2022, Sojitz has set up the Quality Management Committee and formulated the Sojitz Group Quality Management Policy as a basic policy for the Group’s quality management, in an effort to strengthen its response to quality-related risks.

Sojitz continues to conduct ongoing education programs through a variety of risk management training, in order to firmly establish a risk management mindset among Sojitz Group officers and employees.

In April 2022, to respond to the diversified risks and expansion of the supply chain, Sojitz reorganized risk management organizations related to trading businesses and established a Supply Chain Risk Management Department. The department works to strengthen resilience by understanding individual risks along the supply chain, quickly assessing the degree of impact and responding flexibly to any sudden risk occurrence. In the fiscal year ended March 31, 2023, the Department prepared each scenario for geopolitical risks, natural disaster risks, quality risks, environmental and human rights risks to confirm the countermeasures to the risk occurrence through a dialogue with business divisions and corporate departments and discussion in the Management Committee.

Click here for “Risk Management”.

Management of Group Companies

Each Group company has a management system based on the management system for Group companies’ business operations defined in the “Basic Rules of Group Management” and the “Group Management Administration Regulations.” The status of each system is monitored on a periodic basis.

In addition, Directors monitor business management of Group companies through the business division or corporate department staff who supervise these companies, or else the Directors, Audit & Supervisory Board Members, and others dispatched to Sojitz Group companies.

(Overview of operational status)
Through the Directors and the Audit & Supervisory Board Members dispatched to each Group company, Sojitz manages and supervises Group companies, ensuring that they have established an appropriate management foundation and corporate governance and that these are working correctly. Sojitz also receives regular reports, including annual business reports and monthly operating activity reports. As for the most important matters at Group companies, execution of the most important business requires advance consultation with Sojitz to ensure appropriate management.

Additionally, in order to promote Group management, Sojitz has the business division or corporate department staff supervising Sojitz Group company explain Sojitz Group’s management philosophy, as well as make efforts to publicize our management philosophy and policies during training sessions for Group companies’ officers and employees.

Based on an audit plan adopted by the Board of Directors and under the supervision of the Internal Audit Committee, the Internal Audit Department of the Company conducts audits to investigate whether organizational governance, risk management, and internal controls are functioning appropriately in the Group companies. The Internal Audit Department also makes proposals for effective improvements to prevent losses and solve issues.

As part of the Group’s efforts to further enhance the corporate governance of Group companies, in order to improve the effectiveness of the Board of Directors at each Group company, the “Guidance for management of the Board of Directors” has been formulated, and the operating status of the Board of Directors at each company has been monitored and reported regularly to the Management Committee and the Board of Directors at Sojitz.

In addition, trainings for newly appointed Directors and Audit & Supervisory Board Members are provided on a yearly basis.

Management and Storage of Information

With respect to handling of important documents related to execution of duties such as the minutes of Board of Directors meetings, the responsible department shall appropriately manage such documents according to the retention period required by law based on guidelines including the internal rules for document retention, and shall make such documents available for viewing as necessary. As for the information related to business execution, a system is in place to monitor the status of operation by establishing rules that define the classification and confidentiality of the information. In addition, the Information and IT System Security Committee, chaired by the Chief Information Security Officer (CISO), is regularly held to strengthen the information security system.

(Overview of operational status)
With respect to information related to business execution, Sojitz regularly reviews the classification, management methods, and retention period of information as stipulated in the internal regulations, and makes efforts to ensure proper management. In addition, the Group has formulated guidelines on specific methods for the management and operation of information that requires particularly strict control, which is defined as “information requiring specific management,” and has investigated the status of holding such information and provided instructions for improvement as necessary. Furthermore, the Group has endeavored to bolster security governance across the board. Sojitz constantly reinforces its security measures by rolling out security measures previously taken mainly at the head office to the whole Group such as by introducing software to early detect cyberattacks that are becoming increasingly sophisticated and to minimize their impact, conducting security risk assessments, and providing guidance for improvement.

Click here for “Information Management”.

Arrangements to ensure effective auditing by the Audit & Supervisory Board Members

In terms of reporting to Audit & Supervisory Board Members, Sojitz has adopted a system which, in addition to the reports by the Directors, reports matters required for auditing in a timely manner, such as reporting on Group-wide matters by various committees, including the Internal Control Committee and the Compliance Committee, as well as the Internal Audit Department, and business reports from the consolidated subsidiaries. Additionally, relevant regulations provide that persons who report to the Audit & Supervisory Board Members will not receive disadvantageous treatment on account of having made the report.

For accounting audits, Audit & Supervisory Board Members receive explanations on the audit plan and regular reports on the audit status from the Accounting Auditor, share information with each other, and establish a system enabling efficient audits. Additionally, Audit & Supervisory Board Members monitor and verify whether the Accounting Auditor maintains its independence and constantly evaluate the status of quality management of audits.

(Overview of operational status)
Audit & Supervisory Board Members receive reports in a timely fashion and set interviews regularly in addition to exchange of opinions conducted between the Audit & Supervisory Board Members and Directors as well as the Audit & Supervisory Board Members and the Accounting Auditor.

Furthermore, for the fiscal year ended March 31, 2023, we conducted on-site inspections of overseas consolidated subsidiaries in some countries and regions where COVID-19-related regulations had been eased, and continued to conduct audits through remote auditing by utilizing a web conferencing system and communicating sufficiently with domestic and overseas consolidated subsidiaries.

 

Page top