Risk Management
The Group recognizes that risk management is not just for responding when emergencies or disasters occur and severely impact business activities. It is also important to take preventive measures to control and mitigate/avert risks.
Risk Management System
The Group established a risk management structure that supports further growth to achieve the Meiji Group 2026 Vision. Under this risk management structure, we identify overall Group management risks, reduce risks, and manage appropriate risk-taking.
In April 2021, we established the Risk Management Department, which is independent of the Audit & Supervisory Board, to strengthen Group-wide risk management, and appointed an executive officer in charge of the department. The Executive Committee evaluates and confirms Group-wide management risks in line with the Group Vision and the risk control status and reports them to the Board of Directors, which evaluates and supervises the system. Thus, we can manage risks by adapting to changes in our operating environment.
Furthermore, we have established risk management systems that are suited to the Food and Pharmaceutical businesses, respectively. We regularly share risk information across the company, which includes risks common to all of our businesses and risks that have impacts on the whole Group. Accordingly, we identify, evaluate, address, and solve risks promptly. The executive officer in charge of the Risk Management Department reports information to the CEO & President and Representative Director.
The Group Business Management Risks
We appropriately identify risks and develop countermeasures considering the risk impact from a company-wide business management perspective. In this way, we not only minimize risks, but we also achieve sustainable growth and gain new growth opportunities. We outlined the three visions - the Business Vision, Sustainability Vision and Management Foundation Vision - in the Meiji Group 2026 Vision. We have identified the Meiji Group Business Management Risks based on those three Visions.
Among the matters related to the status of business, accounting, etc. as described in this annual securities report, the main risks that management recognizes as having a significant impact on the financial position, operating results and cash flows of the consolidated company are as follows.
The future risks outlined in the table below are categorized based on our medium- and long-term management strategies. We have assessed their importance to the Group, taking into account the likelihood of occurrence and the level of impact on the Group.
The information represents risks recognized by the Group as of the date of submission of this annual securities report. These risks are not a comprehensive representation of all the risks related to our businesses.
(As of June 29, 2022)
Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group | |
---|---|---|---|---|
Sale and supply of products and services |
|
|
↗︎ | $$ |
The majority of profits comes from specific products |
|
|
→ | $$ |
Supply chains |
|
|
↗︎ | $$ |
Technological advances |
|
|
↑ | $$ |
Laws and regulations |
|
|
→ | $ |
Overseas expansion and overseas Group companies |
|
|
↗︎ | $$ |
Business plans, etc. |
|
|
→ | $ |
$$: Risks of greater importance $: Risks of great importance
Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group | |
---|---|---|---|---|
Caring for the Earth |
|
|
→ | $ |
Climate change |
|
|
↗︎ | $ |
Thriving Communities |
|
|
→ | $ |
Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group | |
---|---|---|---|---|
Corporate Governance |
|
|
→ | $ |
Damage to the Meiji brand |
|
|
→ | $$ |
Human capital and culture |
|
|
→ | $ |
Information asset leaks |
|
|
↗︎ | $$ |
Disaster, emergency or other unforeseen circumstances |
|
|
↗︎ | $ |
The Board of Directors selected the priority initiative topics for FY2021 relating to Group business management risks and confirmed the initiatives of each operating company.
Priority initiative topics for FY2021:
(1) Confirmation of quality assurance systems and reliability assurance structures applied to contract manufacturers and development partners.
There was an incident whereby a hypnotic substance was contaminated in Itraconazole tablets manufactured by Kobayashi Kako Co., Ltd. and sold by Meiji Seika Pharma Co., Ltd. In response, we confirmed the quality assurance system and the reliability assurance structure applied to contract manufacturers and development partners.
(2) Discovery of innovative treatment methods, manufacturing methods and formulation methods
In responding to the rise of mRNA vaccines as COVID-19 vaccines, we confirmed recognition and evaluation of and response to the technology.
(3) Information leaks and system shutdowns due to unauthorized access, etc.
Damage suffered by companies due to ransomware and targeted email attacks have become more prominent, and therefore, we confirmed our countermeasures against unauthorized access under usual conditions and responses when such incidents occur.
Information Security
We work to strengthen information security, including the management of personal information and confidential information. In addition to enhancing and implementing intellectual property protection and other information management in accordance with guidelines and rules related to various information management, we also ensure employee education and training are provided, and work to strengthen our continuously evolving IT technology.
We provide necessary information to customers through helpdesks and websites established for each business division. For shareholders and investors, we provide information disclosure through our IR activities and a dedicated website.
Basic policy
The Meiji Group understands the importance of ensuring the security of customer personal information and other information assets. With this in mind, we have outlined the Meiji Group Information Security Policy along with various related rules and guidelines that we apply towards ensuring and enhancing information security.
Management structure
The Meiji Group recognizes information security as a business risk. As an information security structure, the Meiji Holdings Co., Ltd. Executive Committee evaluates and confirms the state of information security management, and submits reports to the Board of Directors, which oversees the evaluation and monitoring of this structure. We also establish relevant committees within each operating company to strengthen information security and ensure an effective information security structure. In the event of a serious incident or other emergency situations related to information security, the executive officer in charge of the Risk Management Department at Meiji Holdings Co., Ltd. submits reports directly to the CEO, President and Representative Director.
Initiatives
Employee education
To improve information security awareness, we regularly conduct employee education and training concerning information security.
Education / training content | FYE March 2022 results |
FYE March 2023 results |
---|---|---|
Rate of new employee training | 100% (162 people) | 100% (168 people) |
Rate of e-learning education | 85% (10,315 of 12,137) | 88% (10,727 of 12,222) |
E-learning details | About risks and measures related to email and internet use (Example) Targeted attack email and cyberattacks that occur at other companies | |
Suspicious email / targeted email attack response training numbers | 11,217 people | 3,578 people* |
Other initiatives | Companywide warnings and one-point lessons about matters such as suspicious emails pretending to be a business partner or Meiji Group employee |
Strengthening incident response
The Meiji Group has created an Incident Response Procedure to prevent incidents before they occur if a security threat is detected as well as to prevent the spread of damage in the event an incident occurs. Specifically, we have established a CSIRT* structure within each operating company and implemented various measures, including outlining a response flow, conducting training, and working to further strengthen coordination between operating companies. This helps ensure business continuity and increase society’s trust in the Meiji Group.
CSIRT Structure Example: Meiji Co., Ltd.
Incident response details
We implement various measures to prevent incidents, including electronic media and PC encryption, IT asset management, and log monitoring. In the event of an incident, we prevent information leaks by taking measures such as locking accounts, conducting remote wipes, and investigating logs.
In cases where we suspect an organization has been subject to a cyberattack, we systemically prepare to conduct detection, isolation, and recovery.
Incident Response Procedure
Incident response training
The Meiji Group implements a regular annual training program on incident response. The results of training are reported to the supervising officers of each operating company, and structures are reviewed regularly based on those results.
Cybersecurity response
The Meiji Group continuously works to strengthen the cybersecurity of our IT environment, which includes our website servers and networks. These efforts include third-party vulnerability diagnosis using cyberattack simulations.