Basic Concept and Status of Implementation and Operation of Internal Control System|Corporate Governance
Basic Policy on Internal Control System
(Basic Policy for the Development of a System to Ensure Properness of Group Business)
Basic Concept
Based on the “Sojitz Group Statement,” Sojitz has developed its internal control systems including regulations, organization, and structure. The “Basic policy regarding the establishment of systems for ensuring appropriate execution of Sojitz Group business operations” was resolved by the Board of Directors on June 18, 2024, based on the Companies Act and the Ordinance for the Enforcement of the Companies Act of Japan, as follows.
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
Status of Implementation and Operation in the year ended March 31, 2025
Overall internal control system
The Internal Control Committee, which is an executing body under the management of the President, consolidates and monitors the status of implementation and operation of the internal control system, and leads maintenance and improvement of our internal control systems.
(Overview of operational status)
The Internal Control Committee is responsible for overseeing the maintenance and operation of the overall internal control system. Through periodic monitoring, the Committee identifies company-wide issues related to internal systems and structures, examines measures to address them, instructs the departments in charge, and makes improvements. The Committee also oversees the progress of internal control evaluations related to financial reporting based on the Financial Instruments and Exchange Act and works to ensure the reliability of financial reporting.
The Internal Control Committee convened four times during the period under review and presented its findings to the Board of Directors.
Specific measures in each area are implemented by each committee (Compliance Committee, Sustainability Committee, Security Trade Control Committee, DX Promotion Committee, Quality Managing Committee, Information and IT System Security Committee) and various study subcommittees (Disclosure Working Group, Business Continuity Management Working Group) under the President.
Compliance
The “Sojitz Group Compliance Program” outlines the procedures for thorough compliance, and the “Sojitz Group Compliance Code of Conduct” has been established to provide a common global standard of judgment upon which all Sojitz Group officers and employees can rely.
Furthermore, the Compliance Committee, chaired by the chief compliance officer (CCO), has played a key role in appointing compliance officers and forming compliance committees at each Group company and overseas office.
These efforts have led to the establishment of a system to promote compliance with laws, regulations, and corporate ethics across the entire Group, through mutual collaboration.
To help prevent and detect compliance violations at an early stage, the Group informs its officers and employees of various reporting channels including a hotline (internal reporting system) to the CCO and outside legal counsel, a consultation desk connected to the committee secretariat, and the “Sojitz Ethics Hotline,” a multilingual hotline available 24 hours a day, 365 days a year. In addition, a contact point concerning the compliance of Sojitz has been established on its website to receive reports from external sources.
To prevent corruption, Sojitz has also established the Sojitz Group Anti-Corruption Regulations and the Sojitz Group Anti-Corruption Procedure, and has introduced corresponding regulations at Group companies.
With regard to the risk of violating sanctions and export controls in Japan and overseas, Sojitz Group has established the “Sojitz Group Basic Policy on Response to Sanctions and Export Controls” and has built a system to manage such risks.
In addition, as it expands its business globally, Sojitz has established the “Sojitz Group Tax Policy” to ensure tax compliance, optimize tax costs, and maintain positive relationships with tax authorities, and has strived to fulfill its tax obligations in a timely and appropriate manner.
Sojitz has developed and implemented educational programs, including e-learning, to ensure compliance with laws and regulations and to maintain a healthy working environment that is free from all forms of harassment.
(Overview of operational status)
Based on the action plan formulated by the Compliance Committee, Sojitz continues to provide counsel on how to prevent compliance issues from reoccurring, as well as providing assistance and guidance to Group companies on how to practice said Code of Conduct.
Specific activities related to compliance in the FY2024 included the following:
- Four meetings of the Compliance Committee held
- Meetings between the CCO and Chief Operation Officers as well as presidents of Group companies
- Regular liaison meetings among compliance staff of Group companies
- Regular liaison meetings with compliance staff of overseas operating sites
- Training programs, seminars and briefings on important issues concerning the prevention of harassment and corruption
- Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
- Issuance of alert letters regarding scandals involving the consumption of alcohol
- Individual support for Sojitz’s domestic operating companies through a risk-based approach to enhance the compliance system (cooperation in investigations, tailored training programs, etc.)
With regard to security trade control in particular, based on the action plans formulated by the Security Trade Control Committee, the committee secretariat is engaged in activities for preventing violations of sanctions and export controls while providing support and guidance to Group companies.
Specific activities carried out in FY2024, included the following:
- Two meetings of the Security Trade Control Committee held
- Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
- Support for the revision and formulation of local security trade control-related regulations at overseas operating sites
- Support for responding to measures in concert with strengthened sanctions and others, due to changes in the security situation (including U.S.-China relations, situation in Myanmar, and Russia-Ukraine situation)
Risk management
To address the various risks to which Sojitz is exposed in its business operations, Sojitz has various rules concerning risk management, manages and operates them, and strives to enhance its risk management system on an ongoing basis.
Sojitz is enhancing its risk management capabilities in the first and second lines of the three-line model (first line: business divisions, second line: corporate departments, and third line: internal audits), which is the fundamental concept of internal control.
(Overview of operational status)
Sojitz Group manages group-wide risk through the Internal Control Committee, an executing body under the management of the President. Taking into account changes in the business environment, the Committee takes a comprehensive view of the Group’s operations to identify key risks, assess their significance, and discuss and determine policies for responding to such risks. In addition, with respect to individual risks, the relevant corporate departments have established internal rules to ensure thorough implementation. Cross-functional monitoring is also conducted through internal committees to ensure that each risk is addressed appropriately based on its specific characteristics.
The Internal Control Committee monitors the status of its implementation of these risk management activities and reports regularly to the Management Committee and the Board of Directors.
In addition, when changes in the business environment necessitate enhanced risk awareness and initiatives within the Group, or require responses to new risk areas, such matters are reported to management and addressed as appropriate. To strengthen the risk management capabilities in the first and second lines, the Group revised various internal rules related to group-wide risk management in April 2025.
In response to changes in the global landscape and heightened geopolitical risks, the Group is working to strengthen its resilience by taking a holistic view of individual risks across the entire supply chain, assessing the potential impact of sudden risk events, and implementing agile response measures. During FY2024, the Group developed scenarios for geopolitical risks and disaster risk. Through dialogue between the business divisions and corporate departments, as well as discussions at Management Committee meetings, we reviewed response measures to be taken in the event such risks materialize.
To prepare for unforeseen events, the “Sojitz Group Basic Crisis Management Policy” sets forth the crisis management framework to be followed both during normal times and in the event of a crisis.
In addition, the “Crisis Management Operational Guidelines” outline the specific organizational structure and roles during a crisis, including initial response measures such as confirming the safety of officers and employees, assessing property damage, and reporting. The guidelines also establish a system that enables timely and appropriate decision-making based on the region and nature of the crisis, in order to prevent further damage.
We are also working to raise awareness of the importance of risk response among Group employees by establishing or changing Group rules and guidelines, distributing the Internal Control Bulletin that summarizes key information such as precautions, and by conducting self-inspections to check risk points for each organization.
In addition, the Company conducts constant education and enlightenment activities through various risk management training programs to improve the risk sensitivity of the Group’s officers and employees.
Operation execution system
Sojitz employs an executive officer system for the purpose of clarifying authority and responsibilities and ensuring smooth and swift execution of business through the separation of management supervision and decision-making from business execution. Additionally, by establishing internal rules and regulations, we have clarified the scope and content of authority for each decision-making body, role/position, and department, as well as the division of duties and decision-making processes. The Management Committee is chaired by the President, who is also the Chief Operating Officer, and consists of executive officers. The Management Committee is responsible for the review and approval of important managerial and executive agendas from a group-wide and medium- to long-term viewpoint.
In addition, we have established the Finance & Investment Deliberation Council for the review and approval of important investments and loans, the Human Resource Deliberation Council for the review and approval of major human resource matters, and internal committees to handle issues to be addressed from cross-organizational perspectives. All of these bodies report directly to the President.
In order to further expedite decision-making by promoting the delegation of authority from the Board of Directors to executive directors, and to enhance discussions at the Board of Directors regarding mid- to long-term management strategies and other important matters that may impact them, Sojitz transitioned to a company with an Audit and Supervisory Committee upon approval at the 21st Ordinary General Meeting of Shareholders held on June 18, 2024.
In addition, through the establishment of the “Group Management Basic Regulations” and the “Group Management Operation Regulations,” we have defined the management control system for the Group.
By also developing various internal rules for each subsidiary, we aim to enhance the efficiency of group management and maximize the corporate value of the Group.
(Overview of operational status)
The Company has appointed 26 executive officers (as of March 31, 2025). It also continuously reviews the content of its internal rules, including the Board of Directors Rules and periodically revises them.
In conjunction with the transition to a company with an Audit and Supervisory Committee, authority has been delegated from the Board of Directors to executive directors. To allocate sufficient time for deliberation on more critical agenda items, the Board of Directors finalizes its annual schedule and regular agenda items at the beginning of the fiscal year. Efforts are also made to streamline operations by leveling the number of agenda items and the time allocated to each item, and consolidating related reports into a single agenda topic, among others.
Management of Group companies
Each Group company maintains its own system under the supervision of the chief manager (Chief Operation Officer (COO) or COO of the business divisions and corporate departments) in accordance with Sojitz Group’s management control system, as outlined in the “Group Management Basic Regulations” and the “Group Management Operation Regulations.” In addition, the status of system maintenance at each company is monitored on a regular basis.
In addition, directors of the Company monitor the business management of Group companies through the business division or corporate department staff who supervise these companies, or else the directors, Audit & Supervisory Board members, and others dispatched to Sojitz Group companies.
(Overview of operational status)
Supervisors who manage Group companies present to the presidents of consolidated Group companies with the expected roles concerning the medium-term management plan, management targets, and key management issues. In response, the presidents clearly communicate their policy for addressing these expectations to the supervisors. Sojitz receives regular reports from Sojitz Group companies, including annual business reports and monthly business activity reports. We also oversee the development and operation of appropriate management infrastructure and governance through directors, Audit & Supervisory Board members, and others dispatched by Sojitz. In addition, Sojitz requests prior consultation on important matters concerning the management of individual companies and properly oversees the execution of important business operations of Group companies.
Furthermore, the Company aims to enhance group management by disseminating the Group’s management philosophy and policies through the establishment of individual company regulations based on the Group’s management policies and through training programs for officers and employees of Sojitz Group companies.
Based on an audit plan adopted by the Board of Directors and under the supervision of the President, the Internal Audit Department of Sojitz conducts audits to investigate whether organizational governance, risk management, and internal controls are functioning appropriately at Group companies. The Internal Audit Department also makes proposals for effective improvements to prevent losses and solve issues.
In addition, audit results are reported regularly to the President and the Audit and Supervisory Committee.
As part of the Group’s efforts to further enhance the corporate governance of Group companies, in order to improve the effectiveness of the Board of Directors at each Group company, the “Guidance for management of the Board of Directors” has been formulated, and the operating status of the Board of Directors at each company has been monitored and reported regularly to the Management Committee and the Board of Directors at Sojitz.
In addition, we invite outside experts to annual training for newly appointed directors and Audit & Supervisory Board members at Sojitz Group companies.
Management and storage of information
With respect to handling of important documents related to execution of duties such as the minutes of Board of Directors meetings, the responsible department shall appropriately manage such documents according to the retention period required by law, based on guidelines including the Board of Directors Rules and the internal rules for document retention, and shall make such documents available for viewing as necessary. As for the information related to business execution, a system is in place to monitor the status of operation by establishing rules that define the classification and confidentiality of the information. In addition, the Information and IT System Security Committee, chaired by the Chief Information Security Officer (CISO), is regularly held to strengthen the information security system.
(Overview of operational status)
With respect to information related to business execution, Sojitz regularly reviews the classification, management methods, and retention period of information as stipulated in the internal regulations, and makes efforts to ensure proper management. In addition, the Group has formulated guidelines on specific methods for the management and operation of information that requires particularly strict control, which is defined as “information requiring specific management,” and has investigated the status of holding such information and provided instructions for improvement as necessary. Furthermore, we are implementing enhanced security governance across the entire Group. We are expanding Group-wide security measures, such as the deployment of software to detect and mitigate increasingly sophisticated cyberattacks at an early stage, the implementation of security risk assessments, and the provision of guidance for improvement, and working to continuously strengthen our overall security framework. In addition, we plan to revise the IT Security Rules in FY2025 to strengthen account protection by increasing password complexity requirements.
The Information and IT Systems Security Committee convened twice during FY2024.
Effectiveness of audits by the Audit and Supervisory Committee
(a) System to assist the Audit and Supervisory Committee
Two senior auditors are assigned to ensure the effectiveness of audits by the Audit and Supervisory Committee.
Senior auditors are persons who are familiar with the Group’s business and operations and have knowledge of finance and accounting, risk management, and other relevant areas. They complement and support the duties of the Audit and Supervisory Committee from the same perspective as Audit and upervisory Committee members.
(Overview of operational status)
Under the direction of the Audit and Supervisory Committee, senior auditors assist the Audit and Supervisory Committee by accompanying on-site inspections of domestic and overseas consolidated subsidiaries, attending various internal audit report meetings, and providing appropriate support to the Audit and Supervisory Committee members.
(b) System for reporting to the Audit and Supervisory Committee
In terms of reporting to the Audit and Supervisory Committee, Sojitz has established a system under which, in addition to reports from directors, matters required for auditing are reported in a timely manner, such as Group-wide matters reported by various committees, including the Internal Control Committee and the Compliance Committee, as well as the Internal Audit Department, and business reports from the consolidated subsidiaries. Additionally, relevant regulations provide that persons who report to the Audit and Supervisory Committee shall not be subject to any disadvantageous treatment as a result of such reporting.
For accounting audits, the Audit and Supervisory Committee receives explanations on the audit plan and regular reports on the audit status from the Accounting Auditor, shares information with them, and has established a system to enable efficient audits. Additionally, the Audit and Supervisory Committee monitors and verifies whether the Accounting Auditor maintains its independence and constantly evaluates the status of audit quality management.
(Overview of operational status)
Reports to the Audit and Supervisory Committee are submitted in a timely manner. In addition to regular meetings between Audit and Supervisory Committee members and the representative director, and between the Committee members and the Accounting Auditor, three-way audit meetings (involving the Audit and Supervisory Committee, the Accounting Auditor, and the Internal Audit Department) are also held to further strengthen collaboration with the Accounting Auditor and the Internal Audit Department.
Furthermore, audits of domestic and overseas consolidated subsidiaries are conducted through on-site inspections and remote audits using a web conferencing system to ensure sufficient communication.
(c) Other systems to ensure the effective implementation of audits by the Audit and Supervisory Committee
The Company allocates the necessary expenses for Audit and Supervisory Committee members to perform their duties. A system is in place whereby Audit and Supervisory Committee members selected by the Committee attend important meetings to directly grasp the status of deliberations and reports. They also regularly engage in the exchange of opinions with the Representative Director of the Company.
(Overview of operational status)
Audit and Supervisory Committee members selected by the Committee attend all meetings of the Management Committee, the Finance & Investment Deliberation Council, and various internal committees, including the Internal Control Committee, the Compliance Committee, the Sustainability Committee, the Security Trade Control Committee, the Quality Managing Committee, the DX Promotion Committee, and the Information and IT Systems Security Committee, as well as audit report
meetings. They report matters that should be reported to the Audit and Supervisory Committee at its meetings.
In addition, the Audit and Supervisory Committee holds interviews with the Representative Director twice a year to exchange opinions on issues the Company should address, the development of the audit environment for the Committee, and key matters related to audits, and other matters.