Risk Management

Approach

The DENTSU SOKEN Group has set management rules to identify factors that hinder the achievement of management objectives or threaten the conduct of business activities. Accordingly, it has measures in place to prevent risks from being taken, and to minimize impact should they arise. To make this possible, we promote appropriate risk management and collect timely information on possible risks across the organization.

Structure

The DENTSU SOKEN Group manages risks from an overview of the Group as a whole under the Sustainability Promotion Council established in January 2022, which comprehensively promotes sustainability-related initiatives.

The Sustainability Promotion Council identifies and evaluates the risks that the Group assumes when conducting business activities, determines the most critical risks, decides the departments and managers to address them, provides instructions for formulating risk response plans, and monitors the implementation of countermeasures. The results are reported to the Board of Directors.

The DENTSU SOKEN Group Risk Management Structure is as follows.

Organizational chart
Board of Directors

It monitors risk management to ensure it remains effective.

Sustainability Promotion Council

This council collects information on risks from each business division, management division, and each Group company, identifies and evaluates the risks, determines the most critical risks, the departments responsible for addressing them and person in charge. It also monitors both the response plans—of departments responsible for addressing them—and the status of the risks.

Departments Responsible for Addressing
Risks & Subcommittees

Departments & Subcommittees responsible for addressing risks develop risk response plans and carry out countermeasures.

Risk management departments of
each Group company

Departments are involved in identifying the most critical risks, formulating and implementing response plans.

Risk Management Process

Identifying, Evaluating Risk

The Sustainability Promotion Council identifies potential risks in the business environment, the Group’s business strategy, its business-related and crisis management; among its personnel and labor force; as well as in the areas of accounting and finance, corporate governance, information security, and ethical compliance.

This is done through interviews at each business division, management division, and the Group companies. Risks identified are evaluated regularly on the basis of probability and possible impact.

Compelling Risks

The Sustainability Promotion Council identifies the most critical risks from the perspective of the need to implement risk countermeasures with the highest priority or the need to implement additional risk countermeasures from among risks with the potential to significantly impact business continuity based on the results of risk assessments, then selects the department and people in charge of addressing these risks.

Planning Responses

The departments responsible for addressing risks and the Group companies devise response plans stipulating steps both to prevent potential risks, and to minimize the impact should risks be identified.

The plans are approved or advised by the Sustainability Promotion Council.

Response Implementation, Risk Monitoring

Departments responsible for addressing risks and the Group companies do so according to approved response plans, as well as compile, and keep updated, manuals on the relevant regulations.

The Sustainability Promotion Council conducts reviews of risk response plans and the status of risks, reporting the results to the Board of Directors.

Should risks arise, the committee sees that additional countermeasures are formulated and carried out.

Details on risk management and an overview of countermeasures against significant risks are disclosed in the Securities Report.

Business Risks

The DENTSU SOKEN Group has set management rules to identify factors that could potentially hinder the achievement of management objectives or threaten the conduct of business activities. However, the risks identified herein do not necessarily represent the entirety of such potential risks, and in the future the Group could be impacted by unanticipated risks or other risks that are considered to be of low importance.

Critical Risks

  • 1.
    System Development-related Risks
    When providing system development services, the DENTSU SOKEN Group may encounter unexpected issues during the development process, and due to these issues, could incur higher development costs that potentially could reduce profitability. In addition, if serious failures occur following delivery and these deficiencies interfere with client operations, the Group may incur costs associated with the restoration of system quality, resulting in lower profitability, potential claims for damages, loss of credibility, and other negative consequences.
    For this reason, the Group has established a Project Management Office (PMO) Committee for evaluating system and software product development plans from the pre-proposal stage. When conducting these evaluations, the committee focuses primarily on required specifications, potential technical challenges, order value, development periods, and development cost estimates. Throughout the entire process, extending from order acquisition to final delivery, the committee also monitors and measures progress against pre-established plans to ensure appropriate management of development risks. Furthermore, to minimize the possibility of potential issues, the DENTSU SOKEN Group standardizes its development processes and actively promotes a variety of educational measures related to technology, including the sharing of technical expertise.
  • 2.
    Risks Associated with Securing and Training Human Resources and Labor Management
    The operating results of the DENTSU SOKEN Group may incur impact if the Group is unable to adequately secure and train the capable human resources it requires, or if productivity declines due to deteriorating labor conditions or other negative factors.
    Accordingly, the DENTSU SOKEN Group continuously strives to enhance its new graduate and mid-career personnel recruitment activities, while also stepping up its employee education and training efforts. At the same time, the Group has adopted, and remains consistently committed to improving, a variety of supportive programs that include a discretionary labor system, a retirement age of 65, a fellowship system, childcare and nursing care programs, and an array of other mechanisms that help employees balance their work and family responsibilities. In this connection, the DENTSU SOKEN Group maintains appropriate working hours and implements employee health care initiatives while applying a range of human resource policies that ensure its staff is capable of maintaining work–life balance, facilitate the acquisition and development of superior human resources, and promote the improvement of working conditions and environments.
  • 3.
    Business Continuity Risks
    In the event of natural disasters such as major earthquakes, torrential rains, outbreaks of serious infectious disease, or changes in the societal landscape, the DENTSU SOKEN Group’s financial position or operating results may incur impact in the form of countermeasure costs or service delays.
    Thus, the Group has put together a variety of response manuals in preparation for a range of crises, a system for taking timely and appropriate countermeasures, and a remote work system and environment that enables smooth business operations to ensure the safety of its full- and part-time staff, as well as the continuity of its business operations.
  • 4.
    Information Security Risks
    If, due to computer viruses, cyber-terrorism, human error, or other causes, our internal information systems or those we provide to our customers are compromised, or if associated services are suspended or interrupted, or if personal or confidential information is leaked, we may face claims for damages from customers or other affected parties, loss of credibility, or operational stagnation.
    Accordingly, through our Information Security Subcommittee, which oversees the information security management of the entire Group, we have established and are enforcing various regulations and guidelines, and the DENTSU SOKEN Group as a whole is maintaining a firm and unified commitment to information security management. While continuously targeting improvements in the security of our systems and networks, we are implementing a variety of comprehensive cybersecurity measures and have set up a security education platform through which the education and training of all executives and employees is ongoing. DENTSU SOKEN and its major Group companies have acquired certification under ISO/IEC 27001:2013 (the international standard for information security management systems) and its national Japanese equivalent, JIS Q 27001:2014. We, meanwhile, have been authorized under the PrivacyMark System, a third-party certification program for personal information protection systems .
  • 5.
    Compliance Risks
    The DENTSU SOKEN Group could face damage to its credibility or business performance-related impact in the event of compliance issues or violations of laws or ordinances.
    In view of this, the Group has adopted and actively enforces the Dentsu Group Code of Conduct, the Basic Policy on the Rejection of Boryokudan (organized crime groups) and Our Declaration of Conduct, which serves as a behavioral standard for all Group employees. At the same time, we place the highest possible priority on compliance with all applicable laws and regulations, including Japan’s Companies Act, Financial Instruments and Exchange Act, and Act on the Protection of Personal Information. In addition, we ensure legal and regulatory compliance through measures such as compliance education for all directors and employees and an internal reporting system consistent with the Ministry of Health, Labour and Welfare’s Whistleblower Protection System.
  • 6.
    Risks Related to M&A and Other Investments
    The DENTSU SOKEN Group may invest in domestic or foreign companies or new businesses if it determines that such investments will effectively accelerate the growth of its operations or facilitate competitive advantages within the marketplace. However, if the Group is unable to execute its business plans due to significant changes in its operating environment or other factors, these investments could potentially impact the Group’s operating results.
    Hence, the Group remains committed to investing only after thoroughly evaluating feasibility through analysis of factors such as market trends, customer needs, as well as the performance, financial position, and technological superiority of the candidate for acquisition. Further, we have formed the Investment Committee, which conducts preliminary reviews of matters falling under the purview of the Management Council or Board of Directors, and established systems for screening projects, monitoring the business conditions of investee companies, and promptly formulating countermeasures when circumstances prevailing at the time of investment are not commensurate with projections.
  •  

Other Material Risks

  • 1.
    Risks Related to Changes in Management Policies of Customers, etc.
    If factors such as changes in social or economic conditions cause sudden shifts in the information technology investment trends of our customers, our Group’s business performance may incur an impact as a result.
    Accordingly, we closely monitor economic trends in Japan and overseas, promptly implementing necessary countermeasures, including the cultivation and development of management strategies and new solutions adapted to market needs.
  • 2.
    Risks Associated with Service Competitiveness
    Customer needs and technologies in the information services industry are evolving rapidly, and competition is intensifying as many new companies enter the market. If the DENTSU SOKEN Group were to fail to respond to these rapid changes or lag behind current trends in terms of technical innovation, its operating results could be adversely affected.
    The DENTSU SOKEN Group thus promptly implements necessary countermeasures, including the cultivation and development of management strategies and solutions adapted to market needs through proactive research and development (R&D), ongoing optimization of internal structures and organizations, as well as both investments in and alliances with companies in Japan and overseas. We also work to improve the value we provide by enhancing the functions of our software products and expanding our services.
  • 3.
    Risks Associated with Suppliers and Subcontractors
    When developing and providing solutions to its clients, the DENTSU SOKEN Group outsources some of its operations to external subcontractors. Consequently, the Group’s operating results are subject to potential impact if they encounter factors such as growth in per-unit outsourcing costs caused by tight supply and demand conditions associated with subcontractors. Particularly when outsourcing to overseas subcontractors, the Group can face unforeseen circumstances stemming from local social conditions. Besides, if suppliers of software products and information equipment procured and sold by the DENTSU SOKEN Group adjust their management policies or business plans, the changes potentially could disrupt the Group’s efforts to provide products and services to its customers. Notably, changes in the management policies of Siemens Corporation, a critical supplier of CAD/PLM, could impact the Group's business performance.
    Hence, the Group works to maintain and improve profitability through ongoing efforts targeting cost structure optimization. These efforts include joint initiatives with subcontractors to standardize system development and improve productivity, as well as appropriate price pass through, and cultivation of new subcontractor partnerships. As well as maintaining close relationships with product suppliers through the formulation of joint sales strategies, we continuously strive to promptly identify Japanese and overseas companies equipped with cutting-edge technologies and highly competitive products and services.
  • 4.
    Intellectual Property Risk
    If a third party files a lawsuit or claim against the DENTSU SOKEN Group’s systems, software products, or services for infringement of intellectual property rights, the Group could be held liable for damages and incur expenses for the development of alternative technologies. In addition, the Group could fail to generate anticipated earnings through its own intellectual property rights or could incur a negative impact on its operating results if other companies infringe on these rights, or if products that imitate or similarly duplicate the functionality of the Group’s professional software appear on the market.
    So that this might be avoided, the Group strives to raise employee awareness of intellectual property rights by researching patents, trademarks and other property rights held by third parties, holding consultations regarding any relevant issues that may arise during projects, and providing education and training programs.
  • 5.
    R&D Investment-related Risk
    The DENTSU SOKEN Group maintains a management strategy of proactively investing in R&D to facilitate the creation of business opportunities and support the development and delivery of future high-value-added solutions. However, if the Company becomes unable to meet its R&D investment targets, it may not be able to create new businesses or improve its services as planned, resulting in operational stagnation. And, should the results generated through products and services completed through investment not achieve projected targets, the Group may recover invested funds more slowly than expected, or become unable to recover these funds, which could impact its financial position and operating results.
    For these reasons, the Group set up its Investment Committee, which serves as an investigative body responsible for issues associated with R&D concerning products and services. Through this committee, the Group reviews and confirms the progress of projects, while monitoring the status of investments and the recovery of invested funds, thereby providing a framework to prevent risk.
  • 6.
    Risks Pertaining to Climate Change
    Risks posed to the DENTSU SOKEN Group due to climate change include transitional risks caused by changes in policies, laws and regulations, technology, and markets, as well as physical risks, such as service provision delays due to an increase in natural disasters brought about by climate change. Any delay in responding to these risks could impact business performance and medium- to long-term corporate value.
    The Group is therefore taking steps to address the risks of climate change. Based on the framework of the “Task Force on Climate-related Financial Disclosures (TCFD),” we are working to strengthen climate change countermeasure governance, as well as analyzing risks and opportunities and conducting scenario analysis in light of their financial impact. Our analysis is that the financial impact of climate change risks will be limited when it comes to the DENTSU SOKEN Group, but for the sake of further risk reduction, we will implement a rigorous environmental management system in accordance with ISO 14001, while concurrently working to reduce CO2 emissions through greater use of renewable energy and the utilization of carbon credits. At the same time, we aim to create business opportunities related to climate change countermeasures, and to that end we are also working to develop and provide new solutions that help achieve decarbonization and the circular economy and support ESG management.
  • 7.
    Capital Relationship with Dentsu Inc.
    As end of current consolidated fiscal year, Dentsu Inc. owned 61.8% of the Company’s issued and outstanding shares.
    The DENTSU SOKEN Group is committed to maximizing business synergies generated through cooperation with its parent Group. At the same time, it ensures that important material issues concerning the execution of operations associated with business development are reviewed and ruled on by its Board of Directors, the majority of which are independent outside directors. We recognize that our efforts aimed at business growth and development through cooperation with our parent Group—while maintaining our autonomy and independence as a listed company—serve the interests of our non-controlling shareholders.

Information Security

The DENTSU SOKEN Group considers it important to strictly manage information held by the Company and that obtained from business partners. In addition to complying with the Dentsu Group Basic Policy for Information Security, we have rules and guidelines to appropriately manage information across the Group.

The information security system is operated by director in charge of information security, information security chief administrator, and promotion members in each department. Through the Information Security Committee led by the director, we seek to maintain and improve information security by disseminating the rules, introducing and carrying out appropriate measures, and at the same time checking, reviewing, and improving security as necessary.

In a bid to eradicate breaches of information security, we provide training on information security. For this we have e-learning programs for all officers and employees, and in-house caravans to check and improve security efforts in each workplace.

To protect DENTSU SOKEN information from the increasing cyber-attacks, we constantly are improving the security level of our systems and networks. At the same time, we conduct comprehensive cyber security training, which includes teaching all officers and employees how to handle targeted email attacks.

Organizational chart
<

Security Management Certification

In December 2000, DENTSU SOKEN was awarded the Privacy Mark that is given to business operators that appropriately handle personal information. The award was made by the Japan Institute for Promotion of Digital Economy and Community (formerly the Japan Information Processing Development Corporation), in recognition of our bid to manage personal information appropriately.

In March 2005, DENTSU SOKEN was awarded information security standard BS 7799 certification, and the ISMS certification standard as a group, both of which are international standards.

Later, BS 7799 was changed to ISO/IEC 27001 and, as of January 4, 2024, a total of 48 companies, including Dentsu Group Inc., 46 Dentsu Japan companies, and 47 CLUB, which is a Dentsu-affiliated company, have acquired ISO/IEC 27001: 2013 and JIS Q 27001: 2014 certification (standards in Japan that have been made into Japanese Industrial Standards (JIS) based on ISO/IEC 27001).

BS7799/ISMS
protecting your PRIVACY 11820084(11))

Crisis Management

DENTSU SOKEN maintains various manuals in the event of a crisis, such as a major earthquake or the outbreak of a serious infectious disease. This it does to ensure that employees and business partners are safe, and that a business continuity structure is in place.

Specifically, in terms of disaster response, we regularly carry out practical work training and desktop simulations, and as a measure for people who, in times of emergency, may have difficulty returning to their homes, assuming that employees and business partners will remain at work for some time, we stockpile drinking water, food, portable toilets, and other necessary items at each business site. We also have a safety confirmation system, in connection with which training is ongoing.

Further, to ensure the safety of DENTSU SOKEN employees abroad on business, as well as employees and business partners working at DENTSU SOKEN Group companies overseas, we work with external consultants to formulate business trip approval standards, according to the degree of risk involved such as local security conditions, as well as create an Overseas Safety Handbook that outlines the precautions and safety measures to be taken when abroad.