JAPEX promotes company-wide cross-sectional risk management. The lead departments and committees evaluate and manage individual risks appropriately for each department and risk, while the Management Risk Committee evaluates and manages risks across the entire company.
Integrated Risk Management
The Management Risk Committee, chaired by the President, deliberates mainly on the following matters.
- Evaluation and management of risks related to management (including climate change)
- Management of major project progress
- Formulation of internal control policies and verification of non-compliance cases.
Risk management, including the secretariat of this committee, is jointly supervised and promoted by Corporate Strategy Dept., Administration and Legal Dept., and Auditing Dept. In addition, the status of risk management is reported annually to the Board of Directors.
Individual risks are evaluated and managed by the following committees.
- Investment Evaluation Committee: Verification of risks and appropriateness of investments in important projects
- Health, Safety, Security, and Environment (HSSE) Committee: Deliberation of risks related to HSSE
- Information Security Committee: Deliberation of risks related to information security
The medium-term business plan, ESG, and other medium- to long-term management issues are deliberated by the Sustainability Committee.
Investments in significant projects of a certain size or subject to other conditions are deliberated by the Investment Evaluation Committee in accordance with the Investment Evaluation Guidelines. This committee evaluates the appropriateness of investments based not only on the economics of the project, but also on ESG-related items and business risks from the perspective of geopolitics and other factors. The results of the deliberations are reported to the Executive Committee and the Board of Directors, which discuss the final investment decision of the project, as necessary.
A four-step Decision Gate (DG) process has been introduced to investment decisions for projects with a financial burden above a certain level. The DG process identifies risks and opportunities related to the business from each of the Technical, Economic, Commercial, Organizational, and Political-Societal (TECOP) perspectives to conduct a review called DGR (Decision Gate Review).
- DGR-1: Identify risks and opportunities based on the perception of the external environment, after confirming their compatibility with the strategy.
- DGR-2: Generate all possible alternatives and evaluate their viability, risks, and opportunities.
- DGR-3: Select the best proposal that maximizes the value of the project from multiple proposals.
- DGR-4: Review details to make final investment decision.
Business Risk Management in the Implementation Phase
For projects that have moved into the implementation phase, the Management Risk Committee regularly monitors the status to identify and manage qualitative and quantitative risks.
Safety Measures and Business Continuity in Case of Emergency
In addition to safety measures for employees engaged in operations in Japan and overseas, the HSSE Committee is established to discuss company-wide policies and related matters to continue business operations in the event of an emergency. Also, developing a system and various manuals based on company-wide policies, as well as implementing appropriate countermeasures and raising employee awareness on a regular basis, have been executed.
Overseas Safety Measures
To protect the safety of our employees engaged in overseas operations, JAPEX conducts countermeasures, training, and educational activities from ordinary times based on our overseas safety and crisis management guidelines.
The HSSE Committee is responsible for the establishment and deliberation of overseas safety and crisis management guidelines and related important matters. In addition, the Overseas Safety Measures Subcommittee, whose members include the HSE Department and the general managers of relevant departments, gathers information on overseas safety and makes decisions on whether or not to take business trips.
Overseas Emergency Response Drills and Information Dissemination
JAPEX conducts emergency response drills to improve the crisis management skills of employees engaged in overseas operations and those in charge of overseas operations at our head office.
- Emergency communication drills between overseas fields and our head office
- Overseas contingency response drills, including simulations and workshops that simulate overseas contingencies
We are also working to raise awareness of crisis management throughout the company even in normal times by providing overseas safety information and overseas safety seminars to employees to be dispatched or assigned as an expatriate abroad.
JAPEX has established the Emergency Countermeasure Regulations, related procedures, and various manuals to prepare for emergencies involving personnel, equipment, and other matters that may affect our business.
In the event of an emergency, we will gather information, communicate, and give instructions mainly to the departments in charge of business and major fields in accordance with these rules, procedures, and various manuals. Depending on the situation, the Emergency Response Headquarters will be settled at our head office and the Local Emergency Response Headquarters at major locations such as business offices to respond to emergency situations.
Drills are conducted at least once a year at our head office, business sites, and other major fields to simulate emergency situations. While taking into account the results of these efforts, we are preparing and improving emergency response regulations, related procedures, and various manuals as appropriate.
Business Continuity Plan (BCP)
A business continuity plan (BCP) is formulated against emergencies such as a major earthquake or other disaster, or an epidemic of an infectious disease that could have a significant impact on social life.
Moreover, we have prepared a manual for initial response in case of a large-scale disaster, and regularly conduct emergency drills at each business site, employee safety confirmation drills, and walk-home (from work) drills for emergencies.
The BCP and its accompanying procedures and manuals have been improved as necessary based on actual experiences of damage and disaster at our business sites, including the Great East Japan Earthquake in 2011, the Hokkaido Iburi-East Earthquake in 2018, and the Fukushima Prefecture Offshore Earthquake in 2021.
Response to a Large-Scale Infectious Disease Outbreak
In order to continue our business operations even in the event of a large-scale epidemic of infectious diseases, JAPEX has formulated the Business Continuity Plan for COVID-19, etc., which includes measures to prevent employees from becoming infected. By updating and reviewing the plan as needed, we are preparing for business continuity under emergency situations caused by various infectious diseases.
Even in the context of the global spread of COVID-19 after 2020, we are taking measures to prevent or spread the infection. Our first priority is to protect the health and safety of our employees. By using telecommuting and other means, we are continuing our business activities at the same level as during normal times.
JAPEX has established an information security management system based on the recognition that it is important to have an organization-wide system for the appropriate and safe management and efficient use of information.
We have established the Information Security Committee to formulate the Information Security Policy and to deliberate other important matters related to information security.
The Information Security Policy consists of the Information Security Basic Policy and the Information Security Measures Standards. In addition, we have formulated the Information Security Implementation Procedure for the appropriate implementation of the control measures set forth in the Information Security Measures Standards.
Under this system, we have established a system for classifying and managing information, formulated the Personal Information Protection Policy and the Guidelines for Handling Personal Information, and are developing and operating an IT environment based on these policies.
As for crisis management, we are continuously reviewing and improving the technical aspects of cyber-attack countermeasures. We also provide regular education on information security to our employees to raise their awareness.
Information Security Management System