The Otsuka group recognizes that pursuing management efficiency and controlling the risks inherent in business activities are important for improving corporate value. For this reason, it is vital to establish a group-wide system that enables all executives and employees to swiftly uncover, identify, and deal with risks related to their work. The Otsuka group manages risk via the initiatives outlined below, under the supervision of top management.
Otsuka Group introduced Enterprise Risk Management (ERM) in July 2020 to further enhance companywide risk management at the Company and its major operating companies, including the recognition and evaluation of risks from a company-wide perspective and the prioritization of management resources to control important risks. The Otsuka Group Global ERM Policy was established in 2022.
As part of ERM, we define uncertainties that could have a major impact on our ability to fulfill our corporate philosophy and achieve business strategy goals as “risks,” and have established a group-wide risk management framework and a system for risk assessment to effectively and efficiently manage significant risks faced by the group. Under this framework and system, we perform risk assessments to identify and gauge the significant risks faced by the group’s main operating companies; determine whether to mitigate, transfer, avoid, or accept risks; develop and implement risk management policies, and conduct monitoring activities on an ongoing basis.
At Otsuka Holdings, the Risk Management Committee oversees the group’s ERM as a whole. The committee participates in deliberations on significant risks and reports on them at meetings of the Board of Directors, formulates and monitors the implementation of policies for the management of significant risks, and provides instructions and support to the main operating companies when needed. The Board of Directors receives reports on committee activities, issues instructions as necessary, and oversees the efficacy of the group’s ERM structure.
Details of Risk Management Activities
Identification of significant risks begins with the sharing of risk awareness by senior management through interviews at Otsuka Holdings and the main operating companies (top down approach), as well as assessments of risks and controls by frontline employees (bottom up approach). This enables us to comprehensively identify the risks that exist in the group. Each group company develops risk management policies and risk management action plans for the risks that are judged to be significant risks, and regularly monitors and reviews the status of those risks and the progress of action plans.
Otsuka Holdings aggregates and visualizes the significant risks faced by each group company so as to grasp a comprehensive understanding of the existing risks and the status of controls in the group. Common risks that apply to the whole group are studied closely and the significant risks are gathered and identified. Based on the results of this process, the Risk Management Committee assigns priority to significant risks that could have major impact on the group’s business, for such as financial losses or business continuity.
Otsuka Holdings and our main operating companies develop and implement countermeasures to each significant risk based on the characteristics and risk tolerance. Otsuka Holdings provides the necessary guidance and support to group companies, which submit reports and seek advice from Otsuka Holdings, as appropriate. In these activities, the whole group coordinates closely to promote and practice ERM. Moreover, Otsuka Holdings and group companies work to prevent risks from becoming real by regularly monitoring them and confirming that they are within their respective tolerance levels.
FY2022 Policy and Initiatives Based on the Policy
"Otsuka Group Global ERM Policy" has been established by developing ERM-related regulations and expanding the number of companies that have introduced ERM in 2022 in order to further strengthen the risk management system in Otsuka group. Otsuka group's ERM standards have been documented to share them throughout the group with discussion with the group companies that have already completed the introduction of ERM. In addition, the toolkit has been developed and the process has been optimized for the ERM introduction process and subsequent monitoring activities to be implemented more efficiently. For the group companies that have already introduced ERM, the feedback on monitoring activities has been provided and ERM study sessions have been conducted with the aim of strengthening risk management.
Here are some comments from the field that promoted the initiative.
① Selection and review of significant risks for Otsuka Group
Otsuka group started introducing ERM in 2019 and it has been introduced to more than 20 group companies, including 7 major domestic operating companies as of December 2022.
The group companies that have completed the introduction of ERM set KPIs for their own top risks, formulate and implement action plans, and report to Otsuka Holdings on the monitoring results and the progress of the action plans every six months. Internal Control department in Otsuka Holdings summarizes the monitoring results reported by each group company, analyzes risk trends, and then provides feedback on the reported matters and shares best practices and issues.
Furthermore, in consideration of changes in the market environment and future management strategies, we review significant risks for Otsuka group on an annual basis, and work to strengthen risk management in cooperation with the group companies.
Otuksa Holdings Europe
Group Internal Audit & Risk, Europe
Senior Director, Head of Internal Audit & Risk
② The role of ERM in shifting landscapes
We aspire to promote a risk aware culture through our ERM program, which encourages open dialogue and accountability from our leadership team. We are now better placed to monitor the profile of each enterprise risk against an ever-evolving geopolitical and regulatory landscape, and have a platform to discuss emerging risks such as changing stakeholder expectations, AI, digitalisation and ESG commitments.
As the pace of change is dramatically accelerating, we continue to develop risk mitigation strategies to strengthen business resilience and our agility to respond.
Our ERM program is aligned with our strategic objectives. It has sharpened Leadership Team's focus on current risks, allowing for better informed decisions on priorities and investments. We are excited to continue our journey with integrating risk management into business as usual thinking.
Otsuka America, Inc.
Director, Internal Audit
③ Incorporating ERM in Strategic Decisions
'Working closely with key OAI operating companies, we have deployed a disciplined approach and framework to identify and manage enterprise risks.
Each operating company has established executive sponsorship of their local ERM program and have enabled cross-functional risk committees to oversee their respective program.
Using interviews and risk surveys, each operating company has established separate and prioritized risk registers.
The insights and understanding of risks gained through the ERM programs have helped our operating companies navigate recent challenges such as COVID, business continuity challenges, and supply chain disruptions.
OAI provides guidance and support of each of these programs.
Through regular regional meetings, we facilitate information sharing, sharing of strategies for managing common risks, identify common or linked risks, and provide a forum to discuss how to incorporate ERM into everyday decision making.
As we look to the future, we will continue to support regional information/knowledge sharing and expand the program to additional affiliates.
PT Otsuka Indonesia
④ Benefit of ERM implementation
With the introduction of ERM, we were able to gain a bird's-eye view of various risks which had been analyzed, understood, and responded by each division or department into enterprise-level perspective.
As a result, it became possible to build a common understanding among management, and after examining the degree of impact and probability of occurrence of each risk, we were able to select the top risk to the survival of the company.
For the top risk, the department in charge as a risk owner planned appropriate measures and incorporated them into KPIs, and implemented them reliably while monitoring them.
For the next, we will continue to evaluate residual risks and review risk assessments, also to clarify the purpose, roles, and functions of ERM, and utilize it as a tool for the future development of the company through proper management.
Business Continuity Planning and Management
The Otsuka group has business continuity plans (BCPs) in place to minimize the impact on our business activities and ensure that the group continues to operate as effectively as possible in order to maintain the stable supply of products, even when largescale earthquakes and disasters strike.
In terms of business continuity management (BCM), Otsuka Holdings and all major group companies (Otsuka Pharmaceutical, Otsuka Pharmaceutical Factory, Taiho Pharmaceutical, Otsuka Warehouse, Otsuka Chemical, etc.) have partnered to create a system to tackle business continuity on a group-wide scale. Since acquiring ISO 22301 certification for the production and stable supply of pharmaceutical products, beverages, and foods in 2012, we have gradually expanded the scope of certification to include the stable supply of intravenous solutions (in 2015) and the stable supply of anticancer agents (in 2016). The acquisition of ISO 22301 certification demonstrates that our organization complies with international standards and is fully covered, from a BCP standpoint. In addition, the Otsuka group as a whole is working to strengthen measures and systems to minimize the impact on business activities in the event of an emergency. Every year, we conduct joint simulation drills for different scenarios, such as natural disasters and the spread of infectious diseases. These drills provide the opportunity to test our framework for cooperation under close-to-realistic conditions, with a focus on ensuring stable product supply.
Risk Management Training
Risk management training is held annually for directors, Audit & Supervisory Board members, executive officers, and department heads of major group companies. Training includes simulation drills and lectures by outside experts, and involves discussions and reviews on domestic and overseas risks, referencing serious incidents and other matters. Topics include the initial response and coordination of information among the group when a crisis occurs, measures to ensure business continuity, and corporate social responsibility.
The Otsuka group has established the Otsuka Group Global Security Policy as its basic policy on information security. We endeavor to ensure shared awareness of the policy at all group companies, including overseas subsidiaries. In striving to raise the level of, and constantly improve, comprehensive security across the group, we set up the Otsuka Group Information Security Committee to examine specific measures and to share up-to-date information with regard to information security based on the policy. To counter the risk of cyberattacks, the Otsuka group employs a number of measures, such as arranging system security audits by external specialists, diagnosing website vulnerabilities, conducting drills related to targeted email attacks, and monitoring posts on social media. The group also conducts regular emergency drills with a focus on the core systems that construct data. In addition, we have built capabilities for responding to cybersecurity emergency situations, including the establishment of the Computer Security Incident Response Team (CSIRT), which preempts the occurrence of damage from cyberattacks targeting personal information and trade secrets held by respective group companies.