Basic Concept and Status of Implementation and Operation of Internal Control System|Corporate Governance
Basic Policy on Internal Control System
(Basic Policy for the Development of a System to Ensure Properness of Group Business)
Basic Concept
Our firm, based upon “Sojitz Group Statement,” has established an internal control system comprised of rules, organizations and programs, and in accordance with the Companies Act and the Ordinance of Enforcement for the Companies Act, its Board of Directors resolved at a meeting held on June 18, 2024, to adopt a “Basic Policy for the Development of a System to Ensure Properness of Group Business” as follows.
|
|
---|---|
|
|
|
|
|
|
|
|
|
|
Status of Implementation and Operation in the year ended March 31, 2024
Overall internal control system
The Internal Control Committee, which is an executing body under the management of the President, consolidates and monitors the status of implementation and operation of the Internal Control System, and leads maintenance and improvement of our internal control systems.
(Overview of operational status)
The Internal Control Committee is responsible for overseeing the maintenance and operation of the overall internal control system. Through periodic monitoring, the committee identifies company-wide issues related to internal systems and structures, examines measures to address them, instructs the departments in charge, and makes improvements. The committee also supervises the progress of internal control evaluations related to financial reporting based on the Financial Instruments and Exchange Law and works to ensure the reliability of financial reporting.
The Internal Control Committee convened four times during the period under review and presented its findings to the Board of Directors.
Specific measures in each area are implemented by each committee (Compliance Committee, Sustainability Committee, Security Trade Control Committee, DX Promotion Committee, Quality Control Committee, Information and IT System Security Committee) and various study subcommittees (Disclosure Working Group, Business Continuity Management Working Group) under the President.
Compliance
The "Sojitz Group Compliance Program" outlines the procedures for thorough compliance, and the "Sojitz Group Compliance Code of Conduct" has been established to provide a common global standard of judgment upon which all Sojitz Group officers and employees can rely.
Furthermore, the Compliance Committee, chaired by the Chief Compliance Officer (CCO), has been instrumental in establishing compliance officers and compliance committees at each Group company and overseas office.
This has resulted in the establishment of a system to promote compliance with laws, regulations, and corporate ethics across the entire Group, in collaboration with one another.
To prevent and detect compliance violations at an early stage, the Group's officers and employees are informed of the hotline (internal reporting system) to the CCO and outside attorneys, the consultation service connected to the committee secretariat, and the "Sojitz Ethics Hotline," a multilingual hotline available 24 hours a day, 365 days a year. Furthermore, a compliance inquiry counter has been established on the Company's website to receive reports from external sources.
Additionally, the Sojitz Group Anti-Corruption Regulations and the Sojitz Group Anti-Corruption Procedure have been implemented to prevent corrupt acts, and Group companies have also introduced regulations in accordance with these regulations.
With regard to the risk of sanctions and export control violations in Japan and overseas, the Sojitz Group has established the "Sojitz Group Basic Policy on Response to Sanctions and Export Controls" and has built a system to deal with such risks.
In addition, as we expand our business globally, we have established the "Sojitz Group Tax Policy" to ensure tax compliance, optimize tax costs, and maintain positive relationships with tax authorities. Our goal is to fulfill our tax obligations in a timely and appropriate manner.
Furthermore, we have established and are implementing additional programs, including e-learning, to ensure compliance with laws and regulations and to maintain and sustain a favorable working environment that is free from all forms of harassment.
(Overview of operational status)
Based on the action plan formulated by the Compliance Committee, Sojitz continues to provide counsel on how to prevent compliance issues from reoccurring, as well as providing assistance and guidance to Group companies on how to practice said Code of Conduct.
Specific activities related to compliance in the FY2023 included the following:
- Held the Compliance Committee (four times)
- Meetings of the CCO with Chief Operation Officers and presidents of Group companies
- Regular liaison meetings among the compliance staff of Group companies
- Regular liaison meetings with the compliance staff of overseas operating sites
- Trainings, seminars and briefings on important issues concerning the prevention of harassment and corruption
- Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
- Alert letters for scandals caused by drinking alcohol and regarding price pass through
- Individual support for Sojitz’s domestic operating companies through a risk-based approach to enhance the compliance system (cooperation in investigations, tailored trainings, etc.)
- Distribution of e-learning/videos on the Sojitz Group Compliance Code of Conduct, Anti-Corruption, and Anti-Harassment to Group employees worldwide.
Especially, with regard to security trade control, based on the action plans formulated by the Security Trade Control Committee, the committee secretariat is engaged in activities for preventing violations of sanctions and export controls while providing support and guidance to the Group companies.
Specific activities carried out in the FY2023, included the following:
- Held the Security Trade Control Committee (twice)
- Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
- Support for the revision and formulation of local security trade control-related regulations at overseas operating sites
- Support for responding to measures in concert with strengthened sanctions and others, due to changes in the security situation (including U.S.-China relations, Situation in Myanmar, Situation between Russia and Ukraine, etc.)
Risk management
To address the various risks to which Sojitz is exposed in our business operations, Sojitz has established "Risk Management Basic Regulations" to classify and define risks.
For each classified risk item, Sojitz identifies a person responsible for management, formulates a "Risk Management Operation Policy and Plan," and continuously enhances its risk management system through a PDCA cycle of implementation, monitoring, and review.
In accordance with the Medium-Term Management Plan 2023, Sojitz is enhancing our risk management capabilities in the first and second lines of the three-line defense (first line: business Division, second line: corporate department, and third line: Internal Audit), which is the fundamental concept of internal control.
(Overview of operational status)
Sojitz Group conducts a materiality assessment after exhaustively identifying and reviewing company-wide risks based on the internal and external business environment. Currently, 12 major risks (such as Market risk, credit risk, business investment risk, country risk, financing risk, environmental and social (human rights) risk, compliance risk, legal risk, system and information security risk, disaster and other risks, risk related to the dissemination of corporate information via the website and SNS, and quality-related risk.) have been identified.
In the formulation of the "Risk Management Operation Policy and Plan" for each fiscal year, these risks are further subdivided, and detailed responses are taken according to the characteristics of each risk.
The "Risk Management Policy and Plan" is approved by the Board of Directors, and the status of its implementation is monitored by the Internal Control Committee and reported to the Executive Committee and the Board of Directors on a quarterly basis.
In addition, when changes in the business environment necessitate the strengthening of risk recognition and initiatives within the Group, or the need to address new areas of risk, these are reported to management and addressed as appropriate.
In the "Medium-Term Management Plan 2023," the Sojitz Group Quality Control Policy was established as the basic policy for quality control in the Group, and we are steadily strengthening our efforts to address quality-related risks.
In addition to traditional risk management in the trading business, the Sojitz Group is also quantifying and monitoring risks by assuming scenarios related to major risks, such as disasters and environmental risks, in order to capture risks throughout the supply chain and strengthen our ability to respond and resilience when risks occur.
We are also working to raise awareness of the importance of risk response among Group employees by establishing or changing Group rules and guidelines, distributing "internal control newsletters" that summarize key information such as precautions, and conducting self-inspections to check risk points for each organization. We are also promoting awareness of the importance of risk management among the Group's employees.
In addition, the Company conducts constant education and enlightenment activities through various risk management training programs to improve the risk sensitivity of the Group's officers and employees.
Management of Group companies
Each Group company maintains its own system under the supervision of the chief manager in accordance with the Sojitz Group's management control system, as outlined in the "Group Management Basic Regulations" and the "Group Management Operation Regulations." In addition, the status of system maintenance at each company is monitored on a regular basis.
In addition, Directors monitor business management of Group companies through the business division or corporate department staff who supervise these companies, or else the Directors, Audit and Supervisory Board Members, and others dispatched to Sojitz Group companies.
(Overview of operational status)
Sojitz receives regular reports from Sojitz Group companies, including annual business reports and monthly business activity reports. We also oversee the development and operation of appropriate management infrastructure and governance through directors and auditors dispatched by Sojitz. In addition, Sojitz requests prior consultation on important matters concerning the management of individual companies and oversees the execution of important business operations of group companies.
Furthermore, the Company aims to enhance group management by disseminating the Group's management philosophy and policies through the establishment of individual company regulations based on the Group's management policies and through training programs for executives and employees of Sojitz Group companies.
Based on an audit plan adopted by the Board of Directors and under the supervision of the Internal Audit Subcommittee, the Internal Audit Department of Sojitz conducts audits to investigate whether organizational governance, risk management, and internal controls are functioning appropriately in the Group companies. The Internal Audit Department also makes proposals for effective improvements to prevent losses and solve issues.
As part of the Group’s efforts to further enhance the corporate governance of Group companies, in order to improve the effectiveness of the Board of Directors at each Group company, the “Guidance for management of the Board of Directors” has been formulated, and the operating status of the Board of Directors at each company has been monitored and reported regularly to the Management Committee and the Board of Directors at Sojitz.
In addition, trainings for newly appointed Directors and Audit and Supervisory Board Members at Sojitz Group companies are provided on a yearly basis.
Management and storage of information
With respect to handling of important documents related to execution of duties such as the minutes of Board of Directors meetings, the responsible department shall appropriately manage such documents according to the retention period required by law based on guidelines including the internal rules for document retention, and shall make such documents available for viewing as necessary. As for the information related to business execution, a system is in place to monitor the status of operation by establishing rules that define the classification and confidentiality of the information. In addition, the Information and IT System Security Committee, chaired by the Chief Information Security Officer (CISO), is regularly held to strengthen the information security system.
(Overview of operational status)
With respect to information related to business execution, Sojitz regularly reviews the classification, management methods, and retention period of information as stipulated in the internal regulations, and makes efforts to ensure proper management. In addition, the Group has formulated guidelines on specific methods for the management and operation of information that requires particularly strict control, which is defined as “information requiring specific management,” and has investigated the status of holding such information and provided instructions for improvement as necessary. Furthermore, we are implementing enhanced security governance across the entire Group. This includes the deployment of security measures to detect and mitigate increasingly sophisticated cyber attacks, the introduction of software to reduce their impact, and the implementation of security risk assessments and guidance for improvement.
The Information and IT Systems Security Committee convened four times during FY2023.
Arrangements to ensure effective auditing by the Audit and Supervisory Board Members
In terms of reporting to Audit and Supervisory Board Members, Sojitz has adopted a system which, in addition to the reports by the Directors, reports matters required for auditing in a timely manner, such as reporting on Group-wide matters by various committees, including the Internal Control Committee and the Compliance Committee, as well as the Internal Audit Department, and business reports from the consolidated subsidiaries. Additionally, relevant regulations provide that persons who report to the Audit and Supervisory Board Members will not receive disadvantageous treatment on account of having made the report.
For accounting audits, Audit and Supervisory Board Members receive explanations on the audit plan and regular reports on the audit status from the Accounting Auditor, share information with each other, and establish a system enabling efficient audits. Additionally, Audit and Supervisory Board Members monitor and verify whether the Accounting Auditor maintains its independence and constantly evaluate the status of quality management of audits.
(Overview of operational status)
Reports to Audit and Supervisory Board Members are submitted in a timely manner. Meetings between Audit and Supervisory Board Members and directors and between accounting auditors are held regularly to exchange opinions.
Furthermore, Sojitz has initiated three-way audit meetings (with Audit and Supervisory Board Members, accounting auditors, and the Audit Department) on a regular basis, commencing with the current fiscal year. This will further enhance cooperation with the accounting auditors and the Audit Department.
Furthermore, audits of domestic and overseas consolidated subsidiaries are conducted through on-site inspections and remote audits using a web conferencing system to ensure sufficient communication.