The Otsuka group recognizes that pursuing management efficiency and controlling the risks inherent in business activities are important for improving corporate value. For this reason, it is vital to establish a group-wide system that enables all executives and employees to swiftly uncover, identify, and deal with risks related to their work. The Otsuka group manages risk via the initiatives outlined below, under the supervision of top management.
Risk Management System
The Otsuka group introduced Enterprise Risk Management (ERM) in 2020 to further enhance companywide risk management at Otsuka Holdings (the Company) and its main operating companies, including the recognition and evaluation of risks comprehensively from a company-wide perspective and the prioritization of management resources to control important risks. In 2022, the Otsuka Group Global ERM Policy was established by referencing global standards such as ISO31000 and COSO.
In the initiatives of ERM, we define “risks” as uncertainties that significantly impact the fulfillment of our corporate philosophy and the achievement of our business strategy goals, and we have established a group-wide risk management framework and a system for risk assessment. Under the framework and system, we identify and evaluate significant risks in the group through the risk assessments performed at main operating companies, determine whether to mitigate, transfer, avoid, or accept those risks, formulate management policies, and continuously execute and monitor these activities to effectively and efficiently manage the risks in the group.
The Company has established the Global Risk Oversight Committee, composed of the Director/Operating Officer in charge of finance, corporate planning, and administration. The committee participates in deliberations on significant risks and reports on them at meetings of the Board of Directors, formulates and monitors the implementation of policies for the management of significant risks, and provides instructions and support to the main operating companies when needed. The Board of Directors receives reports on committee activities, issues instructions as necessary, and oversees the effectiveness and efficacy of the group’s ERM structure.
Details of Risk Management Activities
Identification of significant risks begins with the sharing of risk awareness by senior management through interviews at the Company and the main operating companies (top-down approach), as well as assessments of risks and controls by frontline employees (bottom-up approach). This enables us to comprehensively identify the risks that exist in the group. Each group company develops risk management policies and risk management action plans for the risks that are judged to be significant risks and regularly monitors and reviews the status of those risks and the progress of action plans.
The Company aggregates and visualizes the significant risks faced by each group company to grasp a comprehensive understanding of the existing risks and the status of controls in the group. Common risks that apply to the whole group are studied closely and the significant risks are gathered and identified. Based on the results of this process, the Global Risk Oversight Committee assigns priority to significant risks that could a have significant impact on the group’s business, such as financial losses or business continuity.
The Company and the main operating companies develop and implement countermeasures to each significant risk based on the characteristics and risk tolerance. The Company provides the guidance and support to the main operating companies, which submit reports and seek advice from the Company, as appropriate. In these activities, the whole group coordinates closely to promote and practice ERM. Moreover, the Company and the main operating companies regularly monitor risks to prevent their occurrence to the extent possible and ensure that they remain within their respective tolerance levels.
FY2023 Policy and Initiatives
In order to not only build a highly effective risk management system that supports the Otsuka group’s management foundation but also further improve that system, we moved forward with introducing ERM in regions throughout the world, including Japan, North America, Europe, Asia, and China, using a standardized process based on the Otsuka Group Global ERM Policy and Otsuka Group Global ERM Implementation Guidelines, which were established in 2022. Furthermore, we conduct monitoring activities and hold risk management-related study sessions while regularly sharing with ERM staff of major operating companies information on risks that are growing more complex and advanced as the global situation continues to change. Here, we look at workplace opinions that promoted initiatives in various regions.
Koki Hayashi
Compliance Department
Otsuka Pharmaceutical
Factory
① Effective ERM initiatives
For significant risks, we implement measures, set indicators, and receive quarterly reports on progress in implementing countermeasures and monitoring results. We also work to enhance corporate value by improving effectiveness through training and surveys of the Risk Management Committee and all employees, which are conducted three times a year. ERM has been introduced at six domestic and overseas subsidiaries, and we are working to further expand target companies.
Mike Gehrke
Compliance
Vice President,
IT & Compliance;
Corporate Secretary
Otsuka America
② Leveraging ERM to achieve strategic objectives and enhance value
In North America, we are refining our ERM approach to enable the introduction of risk management activities in order to help us achieve our strategic business targets.
Marina Levis-Etournaud
Legal and Compliance
Director Group
Nardobel
③ Identifying significant risks and conducting monitoring
The Nardobel group (Nutrition & Santé in France, Spain, Italy, and the three countries of Benelux) is now working to introduce ERM. In light of changes in the market environment and the future management strategy, we will partner with all group companies to reinforce risk management by conducting annual reviews of significant risks in the group.
Pratul Gupta
Senior Vice President
Otsuka Chemical (India)
④ Visualizing risks and measures through ERM initiatives
In a quickly changing global business environment, we consider risk management based on general objective indicators extremely important for achieving sustainable business growth. Through management-centered ERM initiatives, we link the examination of concrete measures to their implementation through the visualization and monitoring of internal and external risks based on quantitative indicators.
Business Continuity Planning and Management
The Otsuka group has business continuity plans (BCPs) in place to minimize the impact on our business activities and ensure that the group continues to operate as effectively as possible in order to maintain the stable supply of products, even when largescale earthquakes and disasters strike.
In terms of business continuity management (BCM), Otsuka Holdings and all major group companies (Otsuka Pharmaceutical, Otsuka Pharmaceutical Factory, Taiho Pharmaceutical, Otsuka Warehouse, Otsuka Chemical, etc.) have partnered to create a system to tackle business continuity on a group-wide scale. Since acquiring ISO 22301 certification for the production and stable supply of pharmaceutical products, beverages, and foods in 2012, we have gradually expanded the scope of certification to include the stable supply of intravenous solutions (in 2015) and the stable supply of anticancer agents (in 2016). The acquisition of ISO 22301 certification demonstrates that our organization complies with international standards and is fully covered, from a BCP standpoint. In addition, the Otsuka group as a whole is working to strengthen measures and systems to minimize the impact on business activities in the event of an emergency. Every year, we conduct joint simulation drills for different scenarios, such as natural disasters and the spread of infectious diseases. These drills provide the opportunity to test our framework for cooperation under close-to-realistic conditions, with a focus on ensuring stable product supply.
Risk Management Training
Risk management training is held annually for directors, Audit & Supervisory Board members, executive officers, and department heads of major group companies. Training includes simulation drills and lectures by outside experts, and involves discussions and reviews on domestic and overseas risks, referencing serious incidents and other matters. Topics include the initial response and coordination of information among the group when a crisis occurs, measures to ensure business continuity, and corporate social responsibility.
Information Security
The Otsuka group has established the "Otsuka Group Global Information Security Policy" as a fundamental part of its approach to information security, striving to unify awareness across all group companies, including overseas subsidiaries.
We set up the Otsuka Group Information Security Committee to examine specific measures and to share up-to-date information with the aim of elevating and continuously enhancing the group's overall security posture.
To mitigate the risk of cyberattacks, we conduct continuous assessments for improvement, address high-risk vulnerabilities, provide phishing simulation training and countermeasures, and monitor endpoints. In addition, we have built capabilities for responding to cybersecurity emergency situations, including the establishment of the Computer Security Incident Response Team (CSIRT), which preempts the occurrence of damage from cyberattacks targeting personal information and trade secrets held by respective group companies.