Risk Management
We identify, analyze, and assess various risks surrounding our business based on future projections and changes in the internal and external environment, and implement measures to avoid, mitigate, transfer, or acknowledge, etc., related to these risks. In addition, by monitoring the situation, we promote risk management in accordance with the following principles with the goal of appropriately managing risks and supporting the management of the Group.
- Management and employees will all be involved.
- Recognize risks linked to business goals and promote them as an organization-wide activity.
- Review risks and risk response plans, taking into account the organization’s purpose, mission, and goals, as well as internal and external conditions.
- Continuously improve based on evaluation of the effectiveness of our initiatives and feedback from stakeholders.
Enterprise Risk Management Promotion Structure
The Group determines material risks, approves response plans for each material risk, and monitors these plans, all under the approval of the JX Advanced Metals Executive Council. In addition, the Risk Management Office in the Company’s Administration Department is responsible for the overall risk management for both the Company and Group, handling ERM.
Status of Enterprise Risk Management Initiatives
Risk is defined as "any and all uncertainty that could have an impact on the management of JX Advanced Metals Group companies." Here, in order to achieve risk management that is linked to our long-term vision, medium-term management plan, and business plan, we classify risks into management risks and business risks. Among those management risks and business risks, risks that we determine will have a significant impact on the Group's management, and that should be addressed on a company-wide basis, are designated as material risks by the Executive Council. These material risks include related to technology, business continuity, and geopolitical risks. The department responsible for these material risks takes the lead in implementing risk responses. In addition, the Executive Council monitors the status of these actions.
- 1.Management Risks
Risk of obstructing achievement of the management goals of the JX Advanced Metals Group. These risks are selected by consensus from the general managers of corporate departments. - 2.Business Risks
Risks that may affect the achievement of goals related to the execution of business by the respective organization. The organization in charge of each risk selects these risks through a business risk identification survey. Each organization appoints risk management promotion managers and risk management promoters, with the goal of promoting the penetration of risk management activities within each organization. - 3.Material Risks
Management and business risks that are selected by the Executive Meeting as risks that could have a significant impact on the management of the JX Advanced Metals Group. The Executive Council approves and monitors risk response.
Enterprise Risk Management Governance Structure
Implementation and Strengthening of Risk Transfer Strategies
Risk Response refers to selecting and implementing appropriate actions (transfer, mitigation, retention, or avoidance) based on the results of a risk assessment. For risks that could have a significant impact on our business activities despite risk reduction measures, we utilize insurance as a means of risk transfer. In order to enhance the usefulness of insurance, the Company is surveying the insurance policies held by the Group in Japan and abroad in fiscal 2023, and is implementing global initiatives for insurance optimization in cooperation with relevant departments.
Risk Management That Creates Corporate Value
In order to create new corporate value in uncertain times, it is necessary to take certain risks and adopt a more aggressive approach. The Group regards risk management as a strategic framework necessary to ensure the achievement of the JX Advanced Metals Group Long-Term Vision 2040, and is promoting activities related accordingly.
Progress of JX Advanced Metals Group's Enterprise Risk Management (ERM)
The Group began establishing a risk management system in 2015 and has been promoting its activities since then. At the time of its establishment, the system focused on operational risks related to potential accidents and damages that could occur in the course of business operations in areas such as quality control, health and safety, and environmental protection. In 2019, the formulation of a long-term vision aimed at 2040 prompted the transition to a risk management approach that supports its achievement. We shifted from traditional risk management activities to the implementation of Enterprise Risk Management (ERM*), referencing ISO 31000.
The JX Advanced Metals Group regards ERM as an essential element in achieving our long-term vision. We are committed to continuous improvement to enhance the effectiveness of our ERM practices.
- *A system or process to ensure that risk management is implemented in an organized, systematic, effective, and continuous manner in order to increase the certainty of achieving the organization's objectives and goals. The acronym ERM stands for Enterprise Risk Management in English.
Toward Advanced of ERM
In advancing ERM, we utilize the Risk Management Society's ("RIMS*") maturity model. This model defines the status for each pillar, such as Strategy Alignment, at various tiers. These are compared to the Group’s ERM status to assess maturity.
After setting the desired goals, we regularly conduct a gap analysis between the defined state at each tier and the current state of our group's ERM. This helps us identify the challenges we face in reaching the next tier. By implementing measures to resolve these challenges, we can achieve more effective ERM.
- *Based in New York, this is the world's largest risk management organization, with more than 9,000 risk management professionals as members worldwide.
Risk Management Activity Framework
Based on the results of the maturity assessment, we have identified the dissemination of ERM activities throughout the Group and the development of risk-sensitive personnel as the two key elements to promote for achieving a more effective ERM. Specifically, through our outreach efforts, we aim to deepen understanding among all executives and other employees in our group regarding the importance of ERM and its connection to our management strategy by consistently highlighting these points. Additionally, through personnel development, we aim for individuals at various levels and roles to acquire the knowledge and skills necessary for effective risk management.
In order to incorporate these elements into actual activities and implement them, it is also necessary to develop processes that ensure risk management functions as a company-wide initiative.
Ultimately, the goal is for employees at all levels in each organization within the Group to fulfill the risk management roles required by their positions and to operate the ERM system autonomously.
Disseminate ERM Activities Throughout the Group
Regular awareness-raising to enhance each individual's daily risk management practices
We regularly publish Risk Management Newsletter, an in-house newsletter dedicated to risk management, with the aim of making risk management accessible to each employee and promoting its dissemination throughout the Group. For example, we feature articles such as, "What does the president consider risk management?" in which we interview the president. There are also articles regarding the latest trends in global risk, as well as those featuring good examples of how risk is handled within the Group.
Risks are not limited to Japan, but exist everywhere in any business organization, regardless of its size or location. To this end, in fiscal 2023, we also began publishing an English version of the newsletter to promote risk management among employees in all regions.
We conduct reader surveys twice a year to continuously monitor the level of dissemination, and we develop our initiatives based on the feedback received from these surveys.
Develop Risk-Sensitive Personnel
The foundation for the advancement and dissemination of ERM is human resources. The Group is implementing the following measures to promote company-wide understanding of risk management and encourage employees to engage with it as a personal responsibility through the following initiatives.
Acquiring Skills to Enhance Each Individual’s Daily Risk Management Practices
(1) Target-Specific Training
Based on the Risk Management Training System, we are implementing training tailored to specific target groups in a phased manner. In each organization responsible for risks, e-learning and comprehension tests are conducted at the time of appointment for those in charge of risk management promotion. This ensures that they are equipped to lead the annual business risk assessment and risk response, allowing them to exercise their abilities as leaders in their respective organizations.
The program provides an overview of the Group's risk management activities and explains to newly appointed managers, leaders, chiefs, and newly graduated employees the expected roles for each position. The Risk Management Office also holds in-house cross-organizational study groups on an annual basis, where we deliver lectures on the fundamentals of risk management to all employees.
| Target Group | Objective |
|---|---|
|
|
|
|
| All employees (including those covered above) | Fostering Risk Sensitivity |
(2) Member Skill Set
The Risk Management Office is committed to improving the competence of its members. Specifically, we have established our own skill sets of the skills and knowledge required to perform risk management tasks, and visualize the status of acquisition of these skills by our office members. Each member conducts a self-assessment during the performance evaluation period and, through discussions with their supervisor, works on improving their individual capabilities.
In the future, we will establish and develop skill sets not only for Risk Management Office members, but also for risk management promotion managers and promoters assigned to each business division, group company, and plant in an effort to broadly support the development of risk management talent.
| Knowledge and Skills Required for Members of the Risk Management Office |
Classification | Outputs (Outputs That Can Be Expected From Having the Knowledge and Skills) | Output Level |
|---|---|---|---|
| Understanding Business Operations | Knowledge |
|
Level 1-3 |
| Key Business Processes of the Risk Management Office | Knowledge |
|
Level 1-3 |
| Knowledge of Contract Formation | Knowledge |
|
Level 1-3 |
| Knowledge of Insurance | Knowledge |
|
Level 1-3 |
Risk Management Process
Identifying Risks and Conducting Scenario Planning in Collaboration With Management After Trend Analysis
Within the Group, we are working to implement risk management linked to our long-term vision, medium-term plan, and business plan by establishing three categories of risk: business risks, management risks, and material risks.
Process for Initiating Risk Response for Material Risks
Material risks will be identified and risk responses initiated in conjunction with the timing of the medium-term management plan, according to the following steps. The process involves the participation of key members of the Group’s management, such as the general managers of corporate and business divisions, as well as the president and vice presidents. This ensures that management’s perception of a risk is correctly reflected as a material risk.
Importance of Scenario Planning
Risk scenarios are developed for all material risks. Risk scenarios are documented descriptions that outline the causes of risks manifesting and the potential effects on the Group if these risks were to materialize. The benefits of developing risk scenarios are as follows.
(1) Risk response includes activities to prevent risks before they occur and activities to minimize the impact if they do occur. The more clearly we define causes in risk scenarios, the easier it is to identify the most appropriate actions to take.
(2) By verbalizing risks and their impacts in detail as risk scenarios, we can correctly identify risks and ensure a unified recognition of these risks by all members of the Group, especially management. All risk scenarios will be finalized through discus-sions between the president and vice presidents.
Risk scenarios should not be created once and left unchanged; they need to be revised in response to changes in the internal and external environment. Instead of thinking about it after it happens, we are focused on using our imaginations to prepare for what if scenarios, and striving to embed this mindset within the organization.
Message From a Director
Vice President and Executive Officers
Sugawara Shizuo
In this Identification of Material Risks - Scenario Review session, we held several discussions that delved into how the president and vice presidents should engage with the members of the Risk Management Office. For example, with regard to technology, while we identified multiple risks related to products and technology, there was a sense that our understanding of these risks re-mained somewhat superficial. Through this discussion, we concluded that we should integrate risks based on their relationships. This reaffirmation that we need to adopt a fundamental perspective on risks, rather than viewing them as merely isolated and fragmented, was highly valuable. Furthermore, this led to the critical issue of how we will develop the talent that will support our technology and sales/marketing in the future. From the perspective of business growth, it is essential that we continue to deepen our discussions on the necessary future initiatives.
Business Continuity Plan (BCP) Initiatives
The Group has formulated business continuity plans (BCP) to minimize damage and achieve early recovery in the event of business interruption due to a major earthquake.
From fiscal 2020, we have taken this to a higher level and have begun working toward the establishment of an all-hazard BCP called a resource-based BCP. This is not a BCP for every event, such as an earthquake or a flood, but one that focuses on resource contingencies (facilities, raw materials, materials, etc.) that are likely to disrupt business activities during emergencies, and organizes relevant disaster mitigation and recovery measures. We also conduct regular assessments of disaster risks at major business sites, including those overseas. This information aids in making decisions related to preventive measures and capital investments to mitigate potential damages. Through these initiatives, we aim to strengthen our BCP. We continue efforts to improve initial response through efficient and reliable means of information sharing in the event of a natural disaster. In fiscal 2023, we conducted joint training exercises at the head office, Hitachi Works, and Isohara Works. This included: (1) the establishment of a disaster response headquarters, (2) confirmation of the safety of personnel, (3) assessment of the damage within and outside the Company, and (4) sharing this information and discussing and implementing response measures. The scenarios for these exercises were kept confidential in advance.
Moving forward, we will continue to enhance the effectiveness of our BCP through regular training sessions, as we work on establishing business continuity management (BCM).
Information Security Initiatives
Information Security Systems
The Group has taken steps to establish an information security management system (ISMS) in compliance with ISO 27001 from the three perspectives of strengthening information security compliance, increasing customer trust, and leveraging information internally and externally.
In fiscal 2023, we conducted information security risk assessments, internal audits, rank-based training, and supplier management in each department according to the plan approved by the Information Security Supervisory Manager. To solidify information security measures and awareness within the Group, we are extending their application to Group companies, in addition to the head office and business sites.
In efforts to upgrade information security further under the leadership of the Information Security Supervisory Manager, we will incorporate the cyber security measures implemented by the IT Department. At the same time, we pursue continuous improvement in accordance with ISMS to contribute to the realization of our long-term vision of becoming a technology-based company.
JX Advanced Metals Group Basic Policy Concerning Information Security
As a company with a social mission to provide a stable supply of nonferrous metals and advanced materials, the JX Advanced Metals Group recognizes that the information entrusted to us by our customers and business partners, as well as trade secrets and personal information held by us, are important assets. We have established the Basic Policy Concerning Information Security in order to systematically and continuously strengthen information security.
- 1.Legal compliance and social responsibility
Comply with laws and regulations, government guidelines, contractual obligations, and internal rules related to information security, and work to foster compliance management and a culture that emphasizes information security. - 2.Maintain and strengthen the trust we receive from customers and business partners
Ensure the protection of information assets entrusted to us by our customers and business partners. - 3.Contribute to the expansion of our own business opportunities
Ensure the protection of information assets that can be a source of competitive advantage.