Promotion of Risk Management
The Anritsu Group views risks as uncertain events that affect corporate value such as organizational profit and social credibility. In other words, we do not consider risks as necessarily negative but instead as potentially positive events if managed appropriately. We recognize proper risk management as a vital management issue and have established a risk management system for the Anritsu Group as a corporate entity. We focus on initiatives that will enhance the risk sensitivity of not only top management but of all employees. At the same time, we promote risk management through an all-inclusive effort to maintain and expand our corporate value, fulfill our corporate social responsibility and seek sustainable development for the Group.
|Risk Management Policy
|The Anritsu Group will maintain and increase its corporate value, fulfill its corporate social responsibility and seek sustainable development for the Group by appropriately managing risks that affect management.
- We will seek to enhance the risk sensitivity of not only general managers but of all employees in an all-inclusive effort to promote risk management.
- General managers and all employees will promote risk management by complying with the Anritsu Group Charter of Corporate Behavior and the Anritsu Group Code of Conduct as well as laws and regulations as the basis of the company’s internal controls.
- We will generate profit and limit losses by controlling management risks related to strategic decision making such as entry into new business areas and product development strategy, as well as operational procedures.
- We will anticipate potential emergency situations insofar as possible to prevent their occurrence. In the event that an emergency does occur, we will seek to minimize and limit losses and promptly extricate ourselves from the critical situation into a state where autonomous recovery is possible, and subsequently prevent a recurrence.
Activities for FY2017
- Anritsu Group Risk Management
- Incorporating strengthening activities in relation to global risks
- Information Security Risk
- Increasing restrictions on employees’ Internet access
- Improved countermeasures against unsolicited e-mail
- Implementing education on global information security
- Acquisition of ISO27001 certification in the network monitoring business in the EMEA region
- Column: IT investment
- Business Continuity Management
- Business continuity management at manufacturing bases
- Developing infrastructure for stable supply—Global head office building installed with seismic isolation equipment
- Securing the information systems
Please download the PDF for more details.
Under the supervision of the Group CEO’s risk management, the main risks are divided into the following categories: (1) business risks associated with management decision making and execution of operations; (2) legal violations; (3) environmental; (4) quality of products and services; (5) import/export control; (6) information security; and (7) disasters. Anritsu has clarified the risk management officer (executive officer) responsible for the management for each category of risk. The risk management officer for each category of risk supervises a committee comprising the heads of relevant divisions and management officers of Group companies, exercises overall control of the Group companies involved in managing the relevant risk, and provides timely reports to the Management Strategy Conference on the risk management measures, plans, status of implementation, and results of the management cycle throughout the year. In addition, Anritsu’s risk management promotion divisions are responsible for setting rules and guidelines and conducting education and training to raise the level of risk management and ensure ongoing business development.
Each risk management officer supports the activities of overseas Group companies in managing the relevant risk. In addition, the regional headquarters in the Americas conducts its own activities with a task force in charge of the management of each business risk. With respect to compliance risk, compliance officers at each regional headquarters conduct risk assessments toward formulating annual action plans.
Risk Management Promotion System
Risk Categories and Committees
Business Continuity Management
Basic Policy on Business Continuity Management*1
Each Anritsu division creates a business continuity plan (BCP*2) to maintain smooth operations in the event of a disaster or emergency by minimizing damage and resuming full business activities as quickly as possible.
In fiscal 2017, we examined our disaster recovering planning and business continuity planning (DRP*3/BCP) based on an earthquake at the same level as the 2016 Kumamoto earthquake. We will conduct a survey with Group companies and continue to consider how to proceed in the future.
*1. Business continuity management: Management activities conducted during normal operations, such as formulating, maintaining and updating business continuity plans, securing budgets and resources for continuing business, taking preparatory measures, implementing education and training before launching initiatives, conducting inspections and making continuous improvements.
*2. BCP (Business Continuity Plan): A plan formulated to ensure the rapid resumption of critical business functions in the event that business activities are interrupted by an emergency.
*3. DRP: Disaster recovery plan
|Basic Policy on Disaster Response
|The Anritsu Group establishes a prevention system against disasters that may significantly affect its management, places top priority on ensuring the safety of its stakeholders including employees and local communities in the event of a disaster or accident, and strives to minimize damage and promptly resume business activities in order to fulfill its social responsibility and continue to seek enduring success for the Anritsu Group.
In conducting its business activities, the Anritsu Group considers it a social obligation to protecting the information of all stakeholders, including customers, shareholders, and investors, suppliers, and employees, and information assets belong to the Anritsu Group. The Anritsu Group is making a continuous effort to maintain and enhance information security through its information security management system.
|Basic Rules of Information Management
|The Anritsu Group (“Anritsu”) recognizes its social responsibility for effectively protecting information related to all of its stakeholders, including customers, shareholders/investors, business partners and employees, throughout the course of its business operations, which offer “Original and High Level” products and services with sincerity, harmony and enthusiasm. Moreover, we view information as a vital asset for Anritsu and all its stakeholders. Therefore, Anritsu has established these Basic Rules of Information Management and declares it will responsibly handle information assets and take all possible actions to ensure their protection.
- Anritsu shall comply with the laws and social norms governing information assets and information management.
- Anritsu shall build information management systems and strive to effectively manage information assets.
- Anritsu shall develop and implement corporate regulations that define concrete procedures and rules of information management.
- Anritsu shall provide its officers, employees and others with the necessary education and training to deepen their knowledge of information management.
- Anritsu shall implement appropriate human, organizational, physical and technical measures to protect information assets.
- Anritsu shall quickly respond to risks associated with protecting information assets to minimize damage.
- Anritsu shall regularly and continually review and improve the information management activities noted above.
Structure (Information Security Management)
The information security management system consists of the Information Management Committee made up of key executive officers from each business division and Group companies, and the Information Security Subcommittee operating under the Information Management Committee. The security subcommittee is divided into the Information Security Subcommittee composed of representatives of Japanese Group companies and the Global Security Subcommittee consisting of Chief Regional Officers. As the security officer of their respective affiliated organizations, each member of these subcommittees strives to maintain and enhance information security.
The Information Management Committee formulates policies on information management that apply to the entire Group and to investment policies, and the Information Security Subcommittee conducts policy enactment and implementation measures, and activities such as employee training, countermeasures to deal with an incident when it occurs, and information sharing.