OMRON’s global promotion of compliance and risk management through integrated risk management initiatives
Based on OMRON Group Rules for Integrated Risk Management, the OMRON Group promotes compliance and risk management at the global level. Specifically, OMRON identifies and analyzes global compliance and other Group-related risks, specifying significant risks and devising measures to deal with them.
Should a significant risk occur, the Crisis HQ will be set up to deal with that risk through an organizational approach. To quickly assess frontline risk information, the risk reporting system and Whistle-blower System are in operation.
OMRON’s basic policies for integrated risk management are defined in the Basic Policy on Maintenance of Internal Control System resolved by the Board of Directors as follows:
The framework for integrated risk management is summarized in an internal rules called the OMRON Group Rules for Integrated Risk Management, which clarify the position of risk management within Group management. These rules are overseen by the Global Risk Management and Legal headquarters.
Approximately 140 risk managers have been appointed to pursue global activities for which management and front-line employees work in unison. These risk managers are active at OMRON global headquarters, business companies, regional headquarters overseas, and group company worldwide. In principle, the Corporate Ethics and Risk Management Committee meets four times a year, and in the event of a crisis, an Emergency Response Headquarters is put in charge of response. The status of their actions are reported to the Executive Council and the Board of Directors on a regular basis.
The three main activities of the Corporate Ethics and Risk Management Committee are as follows:
At the same time as starting our VG2020 long-term vision formulated in 2011, we also launched our existing integrated risk management program. We are becoming more attuned to risk and confronting any risks as they emerge in the face of a faster pace of change in the operating environment and rising levels of uncertainty.
OMRON faces a variety of risks as we expand across the globe. In response, we have categorized the entire spectrum of risks that impact management and financial performance. Having categorized these risks, we then chart their interrelationships. (For details, refer to Businesses and Other Risks)
We use this framework as a link between management and the working level, in order to, alongside management, address issues that cannot be resolved at the working level. Accordingly, we have created the OMRON Risk Book – Risk Scenario 100 — a business risk casebook aimed at using previous case examples to look forward, and have shared them group-wide. This will use case examples from others as object lessons in increasing our sensitivity to risk. Additionally, our VG2.0 medium-term management plan includes measures related to business risk management that supports innovative creation.
In case of crisis, if at all, we pursue “bad news first” rule by immediately reporting such risk to the appropriate level according to the internal rules. We then centrally manage such information to be able to place a measure to prevent recurrence, tracing whether such measure worked well.
In fiscal 2020, we conducted a global risk analysis, picked out critical risks to our group, decided upon departments responsible for countermeasures, and systematically promoted initiatives to counter these risks.
Specifically, we define S-rank risks as the most important risks in group operations that could jeopardize the survival of the group or give rise to serious social responsibilities. A-rank risks are those risks that could hinder the achievement of the next-most important group objectives. For the themes that the OMRON Group is focusing on, the risk scenarios and countermeasures for the relevant risks are described in “Business and Other Risks.”
For IT systems and information security risks, under the supervision of the Cybersecurity Director, each Head Office Administrative Division Managers are responsible for controlling and managing in each area such as information security, product security, and confidential/personal information as the Executive Officer. In addition, the Board of Directors sets "Strengthening Cybersecurity" as a supervisory perspective with " Risk Responses in times of uncertainty" as one of the priority themes. The Board of Directors monitors and supervises cybersecurity issues and initiatives for future enhancement.
Regarding information security, the Head of the Global Business Process and IT Innovation HQ, as the Group Information Security Officer, supervises the overall status of information security management in the OMRON Group. Underneath, Information Security Responsible Department is responsible for grasping the overall status of information security management in the OMRON Group and planning and promoting the overall measures necessary for the OMRON Group. For product security, as part of product quality assurance, Product Security Responsible Department has been established under the supervisory of the Head of the Global Procurement, Quality, and Logistics HQ to strengthen it. Similarly, regarding management of confidential and personal information, the Head of the Global Risk Management and Legal HQ as the person responsible, grasps the trends in laws and regulations of each country and the situation of the OMRON Group in the affiliated departments and promotes necessary measures.
Issues that are across each area are resolved by holding the Cybersecurity Integration Conference, chaired by the Cybersecurity Director, as needed.
The OMRON Group implements a Whistle-blower System as the framework for monitoring ethical conduct across the Group.
Such notifications are accepted from a wide range of personnel, including executives, employees, and temporary employees; their families; as well as retired personnel, suppliers and on-site contract workers. Besides handling whistle-blowers at a dedicated department within the company, an external law firm is also commissioned to accept reports from whistleblowers. Outside Japan as well, Whistle-blower Systems are available at major sites in the regions of the Americas, Europe, Greater China, Korea, and Asia, and are implemented in the same manner as in Japan.
Regarding the implementation of the Whistle-blower System, the internal rules clearly require strict confidentiality and prohibit retaliatory actions against whistleblowers. OMRON also informs employees of the availability of the hotline through bulletin boards and during employee training.
In fiscal 2020, a total of 25 whistle-blowing reports were made in Japan, and 11 abroad. This shows steady global penetration and proper functioning of the whistle-blower system.
As of July 16, 2021, OMRON Corporation has become a registered business entity under Japan's Whistleblowing Compliance Management System certification regime. We will continue to improve our evaluations of the effectiveness of our whistle-blowing system and pursue compliance management.