Risk Management

Guidelines & Structure

The Fujitsu Group considers it an important management issue to appropriately identify and respond to risks in the Group’s business operations and other activities. Accordingly, the Board of Directors determined a Policy on the Internal Control System. Based on this policy, the Fujitsu Group established a Risk Management & Compliance Committee under the direct control of the Board of Directors, which acts as the highest-level decision-making body on matters involving risk management and compliance.

The committee also assigns Risk Management & Compliance Officers to each of the divisions and group companies in Japan and overseas. These organizations collaborate to build a risk management & compliance structure for the entire group, thereby guarding against potential risks and mitigating risks that have already materialized.

Furthermore, we created the Corporate Risk Management Division, which reports directly to the CEO and is independent of the business divisions. This body has assumed the secretariat functions of the Risk Management & Compliance Committee and, under the leadership of the Chief Risk Management Officer (CRMO), is responsible for interpreting risk-related information and spearheading rapid, appropriate responses where required. In addition, to strengthen functions related to information management and information security, in October 2021 we appointed a dedicated Chief Information Security Officer (CISO), and we are promoting group-wide information security initiatives by broadening the scope and clarifying the authority of the CISO.

• (*1)
  These are just some examples of the risks associated with doing business. More detailed risk-related information can be found in our securities and other reports.
  https://www.fujitsu.com/global/about/ir/policy/risks/
  Please refer to the web page below for detailed risk information in accordance with our Task Force on Climate-related Financial Disclosures (TCFD) declaration.
  “Response to Environmental Risks”
  https://www.fujitsu.com/global/about/environment/risk/

Processes

The Risk Management & Compliance Committee, identifies, analyzes and assesses the key risks associated with business activities in all business divisions and group companies in Japan and overseas. (Among the group companies, implementation is focused on 33 risks identified as particularly important.) It also checks the progress of measures designed to avoid, mitigate, transfer and accept such risks, and then formulates new measures or reviews existing measures.

The committee also prepares processes for dealing with risks that have eventuated despite implementation of the various preventive measures. If a critical risk arises, such as a natural disaster, product fault or defect, system or service problem, compliance violation, information security breach or environmental problem, then the department or group company concerned reports immediately to the Risk Management & Compliance Committee.

This committee then coordinates with the related departments and work sites to quickly resolve the problem by taking appropriate steps, such as establishing a task force. At the same time, the committee works to identify the causes of the problem and proposes and implements measures to prevent any recurrence. For critical risks, the committee also reports as needed to the Board of Directors. The Risk Management & Compliance Committee checks the progress of implementation of these processes on an ongoing basis and formulates improvements.

Risk Management Education

To enforce risk management across the entire Fujitsu Group, we conduct education and training at every level.

These programs are targeted at newly appointed executives and managers, as well as others, to educate them on our basic approach to risk management and our rules for promptly escalating issues to the Risk Management & Compliance Committee. The programs present specific instances of problems with products, services, and information security, with the aim of continually improving participants’ awareness of risk management and enhancing their capacity to respond to risks.

Refer to the “FY2021 Performance” section at the end of this document for information on education outcomes for FY2021.

Group-Wide Disaster Management

The basic policy of Fujitsu and its group companies in Japan is to ensure the safety of staff and facilities when disasters occur, to minimize harm and to prevent secondary disasters. We also aim to ensure that business operations resume quickly, and that we can assist in disaster recovery for our customers and suppliers. To this end, we are building robust collaborative structures in our internal organizations and strengthening our business continuity capabilities.

In particular, we are working to build “area-based disaster management systems” that enable the Group offices in each region to cooperate effectively and to promote responses via the management structures in each business unit and group company.

To verify the efficacy of our disaster management systems and enhance our response capabilities, we conduct drills tailored to every level, from the entire company through to task forces, workplaces and even individuals. We also implement voluntary inspections and verification activities to prevent accidents and minimize the level of harm in each of our facilities. These efforts enable us to accurately identify existing issues and review and implement measures to address those issues, thereby allowing us to work toward continually improving our capacity to prepare for disasters and sustain our business operations.

For more information on our Group-wide disaster management, joint disaster response drills and verification activities, refer to the PDF listed below in the activity outcomes for FY2021 in the “FY2021 Performance” section at the end of this document.

• Group-wide disaster management, joint disaster response drills, verification activities

Business Continuity Management

Recent years have seen a significant increase in the risk of unforeseen events that threaten continued economic and social activity. Such events include earthquakes, floods and other large-scale natural disasters, disruptive incidents or accidents, and pandemics involving infectious diseases. To ensure that the Fujitsu and its group companies in Japan can continue to provide a stable supply of products and services offering the high levels of performance and quality that customers require, even when such unforeseen circumstances occur, we have formulated a Business Continuity Plan (BCP). We are also promoting Business Continuity Management (BCM) as a way of continually reviewing and improving our BCP.

Regarding the COVID-19 pandemic, to maintain the safety of its customers, suppliers and employees, and their families, the Fujitsu Group has placed the highest priority on preventing the spread of the infection. It is also promoting initiatives to sustain the supply of products and services to customers and to help resolve the many societal issues that have arisen due to the spread of the infection.

For more information on our BCM activities, infectious disease countermeasures and BCM in our supply chain, please refer to the PDF listed below in the activity outcomes for FY2021 in the “FY2021 Performance” section at the end of this document.

• BCM activities, infectious disease countermeasures, supply chain BCM