Internal Control & Risk Management
In general, an internal control system has a number of objectives, including ensuring that operations are performed efficiently, ensuring statements of accounts are prepared correctly for reporting financial results to stakeholders, and ensuring compliance with the law. Based on these objectives, Marubeni has defined internal control as the prevention of contingent losses by establishing and operating internal systems. In our wide-ranging business activities, the Marubeni Group undertakes multifaceted qualitative and quantitative risk management at both the micro and macro levels. At the macro level, we promote integrated risk management based on quantitative methods. At the micro level, we have strengthened our control for individual projects by requiring scenario analyses, strictly adhering to established numerical benchmarks and reinforcing monitoring systems for each project. With respect to qualitative risks, we have adopted a preventative approach by improving our internal control system and bolstering our compliance structure. With respect to trade compliance, we have also established the Trade Compliance Management Department in an attempt to strengthen checking functions and enhance business functions.
Priority CSR Activities in Fiscal 2009
- Ongoing improvement of internal control through compliance with the Companies Act and the Financial Instruments and Exchange Act
- Healthier financial position through integrated risk management
Fiscal 2009 in Review
We reviewed the Basic Policy on Internal Control, and confirmed that it has been appropriately developed and operated in line with our fundamental principles. With regard to internal control reporting systems under the Financial Instruments and Exchange Act, in addition to each organizat ion implement ing ongoing improvements, we sought to improve management appraisals. With regard to risk assets, which are a means for managing integrated risk, while the upheaval in the business environment following the "Lehman shock" did cause risk assets to temporarily exceed equity, during Fiscal 2009, we brought them back below equity, and we achieved targets for ensuring adequate risk reserves.
Basic Policy on Internal Control
Based on the Companies Act and the Ordinance for Enforcement of the Companies Act, Marubeni has developed a basic policy on the system designed to ensure the appropriateness of Marubeni Group operations. We aim to realize a more appropriate and efficient system that is responsive to changes in society.
In April 2008, we reviewed our Basic Policy on Internal Control, and added the following four principles:
1. To avoid any and all contact with corporate racketeers and other antisocial forces?
2. To prevent the loss or improper release of information
3. To formulate a business continuity plan
4. To establish the Internal Control Committee and the Disclosure Committee
Internal Controls over Financial Reporting
Marubeni's top management recognized from early on the importance of internal cont rol . In March 2004, thei r clear determination resulted in the start of the MARICO PROJECT (MARubeni Internal COntrol System PROJECT) to ensure the reliability of financial reporting. Consistent with the methodology outlined in the Sarbanes-Oxley Act (SOX Act) of the United States, the MARICO PROJECT documented the flow of business practices plus the risks and controls relating to financial reporting. We evaluated the effectiveness of the project, and in Fiscal 2005, we completed our Group's internal control system.
Pursuant to the Financial Instruments and Exchange Act, listed companies were required from April 2008 to have in place a system for reporting on their internal control over financial reporting. Choosing to act before this, Marubeni has taken proactive and voluntary steps to achieve effective internal control to enhance our corporate value base. As a result, in the Marubeni Group's Internal Control Report for Fiscal 2008, the conclusion was reached that "our internal controls are operating effectively." We submitted our Internal Control Report for Fiscal 2009 together with our annual securities report in June 2010.
Development of a Risk Management System
The system shown in Figure 2 has been put in place to manage major potential risks to business. For important individual proposals, such as those for investment or financing, draft proposals are first circulated and discussed by the Investment and Credit Committee and by the Corporate Management Committee, before the President makes a decision. Following implementation, each sales division manages the risk exposure and, for important cases, periodic status is reported to the Investment and Credit Committee and to the Board of Directors. In addition, using risk diversification, portfolio management is conducted to reduce the risk to the company as a whole.
Figure2 Risk Management System Structure
Fair Trading
The Marubeni Group's management philosophy is to conduct fair and upright corporate activities in accordance with the spirit grounded in our company creed of "Fairness, Innovation and Harmony." The Marubeni Group's Compliance Manual also contains sections on "Compliance with the Antimonopoly Law and Related Laws and Regulations" and "Prohibition of Unfair Competition."
Response to Antisocial Forces
We resolutely renounce antisocial forces and groups that threaten the order and security of society, and we avoid any contact with them. The Compliance Manual contains detailed provisions regarding "bans on money laundering" and "bans on using the influence of antisocial forces."
Information Security
In November 2001, Marubeni established the "Marubeni Information Security Policy," and to promote safe business activities exclusive of information security risks, we have implemented safety measures and protection for information assets on the basis of the policy. In January 2005, we established the IT Security Management Rule and the IT Security Standard to indicate the importance of information security. These were designed to counter such risks as unauthorized access, loss, destruction, alteration and leaks of information assets, as well as to maintain the effective use and credibility of those assets. Moreover, with respect to the specific management of information assets, we have established Detailed Rules for the Management of Documents and other Records and IT Usage Rules, and have publicized them widely.
These efforts are also being enhanced at group companies. We have encouraged group companies to formulate and apply their own rules tailored to the characteristics of their respective businesses, with reference to Marubeni's rules and regulations. Furthermore, in response to Japan's internal control reporting system, which began in Fiscal 2008, in addition to formulating the "Guidelines for IT General Control," which are regarded as the standards for strengthening control at Marubeni and key group companies, we have also made continuous revisions and improvements to them.
Business Continuity Plan (for business continuity in the event of a major disaster)
Marubeni has formulated a Business Continuity Plan (BCP). At first, we only formulated a BCP based on the assumption of a large-scale earthquake; but in Fiscal 2009, as well as revising our large earthquake BCP, we also formulated a new BCP based on the assumption of a highly virulent new type of influenza. Similarly, the existing BCP was only for Tokyo Head Office, but we have now formulated BCPs for individual offices in Japan and overseas that impact the business continuity.
