
The Otsuka group recognizes that pursuing management efficiency and controlling the risks inherent in business activities are important for improving corporate value. For this reason, it is vital to establish a group-wide system that enables all executives and employees to swiftly uncover, identify, and deal with risks related to their work. The Otsuka group manages risk via the initiatives outlined below, under the supervision of top management.
Risk Management System
To further improve risk management at Otsuka Holdings and the main operating companies, the Company introduced enterprise risk management (ERM) in July 2020 for recognizing and assessing group-wide risks as well as prioritizing the allocation of resources for the control of significant risks.
As part of ERM, we define risks as uncertainties that could have a major impact on our ability to fulfill our corporate philosophy and achieve business strategy goals, and we have established a group-wide risk management framework and a system for risk assessment to effectively and efficiently manage significant risks faced by the group. Under this framework and system, we perform risk assessments to identify and gauge the significant risks faced by the group’s main operating companies; determine whether to mitigate, transfer, avoid, or accept risks; develop and implement risk management policies; and conduct monitoring activities on an ongoing basis.
At Otsuka Holdings, the Risk Management Committee oversees the group’s ERM as a whole. The committee participates in deliberations on significant risks and reports on them at meetings of the Board of Directors, formulates and monitors the implementation of policies for the management of significant risks, and provides instructions and support to the main operating companies when needed. The Board of Directors receives reports on committee activities, issues instructions as necessary, and oversees the efficacy of the group’s ERM structure.

Details of Risk Management Activities
Identification of significant risks begins with the sharing of risk awareness by senior management through interviews at Otsuka Holdings and the main operating companies (top down approach), as well as assessments of risks and controls by frontline employees (bottom up approach). This enables us to comprehensively identify the risks that exist in the group. Each group company develops risk management policies and risk management action plans for the risks that are judged to be significant risks, and regularly monitors and reviews the status of those risks and the progress of action plans.
Otsuka Holdings aggregates and visualizes the significant risks faced by each group company so as to gain a comprehensive understanding of the existing risks and the status of controls in the group. Common risks that apply to the whole group are studied closely and the significant risks are gathered and identified. Based on the results of this process, the Risk Management Committee assigns priority to significant risks that could have a major impact on the group’s business, such as in terms of financial losses or business continuity.
Otsuka Holdings and our main operating companies develop and implement countermeasures to each significant risk based on its characteristics and the risk tolerance. Otsuka Holdings provides the necessary guidance and support to group companies, which submit reports and seek advice from Otsuka Holdings, as appropriate. In these activities, the whole group coordinates closely to promote and practice ERM. Moreover, Otsuka Holdings and group companies work to prevent risks from becoming real by regularly monitoring them and confirming that they are within their respective tolerance levels.

Business Continuity Planning and Management
The Otsuka group has business continuity plans (BCPs) in place to minimize the impact on our business activities and ensure that the group continues to operate as effectively as possible in order to maintain the stable supply of products, even when large-scale earthquakes and disasters strike.
In terms of business continuity management (BCM), Otsuka Holdings and all major group companies (Otsuka Pharmaceutical, Otsuka Pharmaceutical Factory, Taiho Pharmaceutical, Otsuka Warehouse, Otsuka Chemical, etc.) have partnered to create a system to tackle business continuity on a group-wide scale. Since acquiring ISO 22301 certification for the production and stable supply of pharmaceutical products, beverages, and foods in 2012, we have gradually expanded the scope of certification to include the stable supply of intravenous solutions (in 2015) and the stable supply of anticancer agents (in 2016). The acquisition of ISO 22301 certification demonstrates that our organization complies with international standards and is fully covered from a BCP standpoint. In addition, the Otsuka group as a whole is working to strengthen measures and systems to minimize the impact on business activities in the event of an emergency. Every year, we conduct joint simulation drills for different scenarios, such as natural disasters and the spread of infectious diseases. These drills provide the opportunity to test our framework for cooperation under close-to-realistic conditions, with a focus on ensuring stable product supply.
Risk Management Training
Risk management training is held annually for directors, Audit & Supervisory Board members, executive officers, and department heads of major group companies. Training includes simulation drills and lectures by outside experts, and involves discussions and reviews on domestic and overseas risks, referencing serious incidents and other matters. Topics include the initial response and coordination of information among the group when a crisis occurs, measures to ensure business continuity, and corporate social responsibility.
Information Security
The Otsuka group has established the Otsuka Group Global Security Policy as its basic policy on information security. We endeavor to ensure shared awareness of the policy at all group companies, including overseas subsidiaries. In striving to raise the level of, and constantly improve, comprehensive security across the group, we set up the Otsuka Group Information Security Committee to examine specific measures and to share up-to-date information with regard to information security based on the policy. To counter the risk of cyberattacks, the Otsuka group employs a number of measures, such as arranging system security audits by external specialists, diagnosing website vulnerabilities, conducting drills related to targeted email attacks, and monitoring posts on social media. The group also conducts regular emergency drills with a focus on the core systems that construct data. In addition, we have built capabilities for responding to cybersecurity emergency situations, including the establishment of the Computer Security Incident Response Team (CSIRT), which preempts the occurrence of damage from cyberattacks targeting personal information and trade secrets held by respective group companies.