AKEBONO REPORT 2016

42/54

Management SystemsSupporting a solid corporate structure, every Akebono associate is committed to ensuring thoroughgoing risk management and legal compliance and implementing information security policies. Corporate GovernanceCorporate Governance, Compliance and Information Security ActivitiesAkebono’s risk management structure is supported by the Risk Management Committee, comprising a group of directors chaired by the Representative Director & CEO, and the Risk Evaluation Committee, which oversees the implementation of the PDCA* cycle in risk management and is chaired by the Representative Director & Executive Vice President. Under the former’s supervision, the latter plays two key risk management functions, controlling Groupwide critical risks and promoting business continuity management (BCM) activities.As it expands globally, it is important that Akebono, beyond complying with the law and regulations, correctly understands and fullls its corporate social responsibility. Accordingly, we have set up the Compliance Committee, under the direction of the president, and established the “akebono Global Code of Conduct” and “akebono Global Standard of Behavior” to be observed by each associate.To respond to the globalization of management, Akebono not only conducts compliance but also endeavors to correctly recognize and carry out its corporate social responsibility. To this end, we have established and promoted the akebono Global Code of Conduct together with the akebono Global Standard of Behavior, and we also work to improve awareness of compliance, by conducting a variety of educational programs. As part of these efforts in our job-level-based training program, we include compliance training to raise the level of awareness on general compliance issues such as information control and prevention of harassment In addition to this, in scal 2015 compliance prociency tests were given to all associates in Japan, and a month dedicated to strengthening compliance generated thoughtful workplace discussions.To prevent compliance violations or to detect them at an early stage, and resolve them, Akebono has set up consultation counters, both in-house and outsourced, to provide counseling for all associates, including temporary employees and contract employees. Among these, some of the outsourced consultation has been entrusted to specialized agencies. At all of these counters, Akebono protects the details of the consultation and the personal information of the person seeking the consultation, and ensures that the person seeking consultation does not receive any prejudicial treatment.Moreover, Akebono conducts hearings about compliance for associates of domestic group companies every year. The results of these hearings can help Risk ManagementCompliance Structureto improve the Company’s business and workplace communication.In November 2015, Akebono made public the fact that it had uncovered an incidence of inappropriate accounting, and the Company decided to increase the frequency of Compliance Committee meetings from once a quarter to once every two months. At the same time, we again veried the positioning and functioning of this committee, and worked to improve the committee’s effectiveness, notably by increasing its members and their training. Akebono has established an Information Security Committee, as well as information security policies, guidelines and rules for the handling of information in order to implement appropriate measures protecting information assets appropriately. We clarify measures according to materiality and risk, in order to provide appropriate protection for data owned in-house or provided by customers or business partners from all kinds of threats, including negligence, accidents, natural disasters, and criminal acts. Under the Information Security Committee, the Company has also set up a working group, and established a system where an information security personnel or information system administrator in each section carries out their own checks against the information security risks to which their respective operations are vulnerable. Using a PDCA cycle to raise awareness of and adherence to the various regulations and guidelines through education and training, the Company is working to ensure information security. In the unlikely event that a violation does occur, such as with regard to the Company’s rules of employment, it is strictly dealt with. The Company complies with all relevant laws and regulations and other social norms, and strives to achieve the continuous improvement of its management systems, including in response to changes in the environment.Moreover, in recent years, in light of the increasing risk of information leakage due to global business expansion, growing dependence on IT and the increased liquidity of employment, the Company is further strengthening its information security. As part of these efforts, we implemented information security assessments by an external vendor for domestic Group companies in scal 2014 and for overseas Group companies in scal 2015.In the future, at the same time as continuing to implement global education and awareness-raising activities, we will continue to regularly conduct information security assessments, and strengthen our countermeasures to cyber-attacks, which are becoming increasingly sophisticated.Information Security Activities* PDCA: A management methodology that controls company’s activities from the four aspects of Plan (planning), Do (implementation of a plan), Check (checking the outcome) and Act (effecting improvement based on the check)AKEBONO REPORT 201641