We work to identify potential major risks to prevent them from occurring, and we have a structure in place to ensure that appropriate actions are taken in case they occur.
We established "Risk Management Regulations" and introduced Enterprise Risk Management (ERM) in FY2019, aiming for total, rather than partial, optimization of risk management.
We have appointed the President, Representative Director, and Chief Executive Officer as Chief Risk Management Officer, and member of the board of directors, Senior Executive Officer/ Executive Director, head of Corporate Strategy &Planning, as Head Risk Management Officer and established a company-wide risk management system. We consider risk management issues to be priority issues in terms of corporate strategy and planning and we are addressing them.
In addition, the Risk Management Committee was established under the Management meeting and the Legal Department, which is in charge of risk management (secretariat), is mainly promoting ERM.
The Audit & Supervisory Board and the internal audit department (Business Audit Department) are in charge of auditing the progress of ERM. The Risk Management Committee regularly reports company-wide risk assessment results and the progress of actions against risks to the Audit & Supervisory Board and the Business Audit Department in order to increase the effectiveness of audits.
ONO’s risk management system
Vol.1 | Basic knowledge and idea of risk management |
---|---|
Vol.2 | Why misconducts occur despite conducting risk management? |
Vol.3 | Why Bad News First does not function? |
Vol.4 | How can we increase the capability of staff members to imagine potential risks? |
We have set up a BCP Management Headquarters under the Emergency Response Committee, chaired by the President and Representative Director, and established a system designed to minimize the impact on operations even if a natural disaster or serious accident occurs, so that we can continue business activities, and even if they are suspended, recover promptly and resume them. And for management during normal times, we have a Business Continuity Management (BCM) Committee, which is chaired by the Executive Director of Corporate Strategy & Planning and is in charge of business continuity management, and a Management Office to maintain and strengthen our abilities to respond to crisis and continue our business operations, and promote relevant management activities.
We have prepared for disasters by installing systems such as emergency generators and duplicate power service in our Headquarters, the Tokyo Building, and all of our plants and research institutes, and we have also introduced seismic isolation systems to prepare for earthquakes in our Headquarters, the Tokyo Building, Minase Research Institute, and the Yamaguchi Plant. Also, in order to prepare for a large-scale disaster, we have divided our disaster action bases into the Headquarters in Osaka and the Tokyo Building so that we have two bases to function against disasters.
The BCM Committee establishes business continuity plans responding to all hazards in the medium- to long-term, conducts drills based on inter-division cooperation, and thereby increases effectiveness in handing business continuity. In addition, the BCM Committee is developing global emergency response plans and business continuity plans, including for overseas subsidiaries, in consideration of our own marketing operations in Europe and the U.S.A.
The Group's business performance may be significantly affected by various risks that could in the future occur in its business activities.
The major risks that have the potential to affect the Group's business are listed below. However, this list does not cover all risks, and there are risks other than those described below that could potentially influence investor decisions.
The matters in this document relating to the future are based on the judgment of the Group as of the end of FY2022.
Identified risks are divided into three categories, “strategic risks,” “external factor risks,” and “operational risks,” and basic action policies and priority orders against risks are determined. The basic action policy for each risk category is stated below.
ONO’s “major risks” based on these three categories are stated below.
Risk field | Major risk item | Risk category |
---|---|---|
(1) New product development |
|
Strategic risk |
(2) Response to changes in the market environment |
|
Strategic risk |
(3) Compliance |
|
Operational risk |
(4) Product quality control |
|
Operational risk |
(5) Recruiting, training, and securing (retaining) human resources |
|
Strategic risk |
(6) Large-scale earthquakes, climate change-related natural disasters, and accidents |
|
External factor risk |
(7) Supply-chain (stable supply) |
|
External factor risk |
(8) Health insurance system reform |
|
External factor risk |
(9) Reliance on specific products |
|
Strategic risk |
(10) Newly discovered side effects |
|
Strategic risk |
(11) Intellectual property rights |
|
Operational risk |
(12) Litigation | (To be included in other risks.) | |
(13) Information management |
|
Operational risk |
(14) Overseas business expansion |
|
Strategic risk |
(15) Alliance with other companies |
|
Strategic risk |
(16) Fluctuations in financial market conditions |
|
External factor risk |
(17) Response to environmental issues |
|
External factor risk Operational risk |
(18) Pandemic |
|
External factor risk |
(19) Deferred tax assets and impairment treatment |
|
Strategic risk |
Information assets are very important management resources.
We established a global policy on information security to protect information resources strictly, including data related to research and development and the personal information of internal and external stakeholders, and to manage the information appropriately. In consideration of the global increase in cyberattacks and security threats, we are also addressing the further strengthening of cybersecurity based on the global standard framework.
The ONO Group has established the Information Security Global Policies and procedures. To ensure their effectiveness, an information security management system has been established, including specific actions to be taken in the event of an information security incident.
Overall responsibility for information security rests with the Information Security Director (Corporate Executive Officer / Executive Director, Digital & IT Strategy). The Information Security Director is responsible not only for formulating the Group’s information security management strategy, but also for creating, revising, implementing and managing related policies, etc. and for ensuring that our Group complies with them, while taking into account changes in the environment surrounding ONO and the latest trends in relevant laws and regulations. Under the Information Security Director, Information System Division Manager and the Division Directors of Information Security are appointed to perform information security management duties at each division and Group company*.
In addition, we also provide training to employees and conduct regular security audits in order to increase company-wide cybersecurity awareness.
*A company of which 100% of voting rights are owned by ONO PHARMACEUTICAL CO., LTD..
Organizational Structure for Information Security Management
Click here for our Privacy Policy.