Corporate Governance / Risk Management
We have built a strong system of corporate governance to ensure that Obayashi is a company that is worthy of the trust of society at large. We think that increasing management transparency and soundness are important. We are also working to enhance corporate governance by enabling transparent, fair, swift, and firm decision-making based on the various principles of Japan's Corporate Governance Code set forth by the Tokyo Stock Exchange, in order to achieve sustainable growth and increase the corporate value of Obayashi over the medium and long-term.
At Obayashi, we have long worked to put our corporate principles into practice and earn the trust of society and our customers. As a company, we naturally comply with laws and regulations. However, we also believe it is necessary to cultivate a sense of ethics in each and every employee, and maintain a high sense of ethics and act with good judgment in implementing corporate activities, and are taking many steps to achieve this.
We have established a system of security to protect our information assets from three risks (the risk of natural disaster, infrastructure emergencies, and other acts of force majeure; the risk of internal information management; and the risk of external unauthorized access), and have taken preventive steps to prepare for emergency situations.
In line with Privacy Compliance Program, we provide trainings on information security to all employees and subcontractor staff twice a year. These trainings are to reaffirm rules related to information seurity and privacy, and to cultive a sense of awareness of the users and managers of information assets.
Information Asset Security Policy
We have established an Information Security Policy made up of the basic policy on information security and other policies as well as corresponding rules and guidelines. In addition, in accordance with the Obayashi Group Information Security Guidelines, we are working to strengthen information security management at the Group level.
Information Asset Security Policy (excerpt)
- 1 We will establish information security systems and implement risk mitigation measures.
- 2 We will regularly check security systems and constantly maintain appropriate management systems.
- 3 We will continually conduct training on information security.
- 4 Users and administrators will observe information security- related standards and work to ensure the effective functioning of security systems.
- 5 Users and administrators will observe laws and regulations, among other relevant stipulations, related to information management.
- 6 In the event of an emergency, such as an attack on information assets or the loss of information assets, we will promptly take appropriate measures and minimize damage to the Company.
Business Continuity Plan
The Great East Japan Earthquake of March 2011 was compounded by a series of crises including aftershocks, the tsunami, and electricity shortages. Based on these experiences, in November 2011, we revised our business continuity plan (BCP; devised in 2006) to include a basic policy for earthquake preparedness and code for individual behavior.
We believe it is the responsibility of construction companies to ensure the timely restoration of social infrastructure at times of disaster. In addition to setting recovery time objectives (RTOs) for various business processes, our BCP covers the establishment of disaster recovery support centers, emergency contact networks and emergency communication procedures, as well as coordination with suppliers.
When infrastructure such as bridges and dams, or facilities owned by our customers is damaged in a disaster, significant social and economic losses are incurred. We are prepared to respond to a range of natural disasters that may affect its customers, including earthquakes or torrential rain. In the event that a customer is affected by a disaster, we maintain a support system that enables our customers' operations to resume in a quick and timely manner.
Supporting Customer's BCP
Our business continuity management service includes a full range of solutions, from risk assessment to concrete proposals for mitigating risk from disasters. The service estimates the time and cost of restoration work in case of a disaster, and proposes risk mitigation measures that suit each customer's particular situation.
- Obayashi's internal audit department conducts a company-wide survey and interviews each year. The department identifies economic, social, and environmental risks and reviews the effectiveness of the risk management process. The contents of that assessment are discussed by the Board of Directors.
- We review the structure and quality of the independent auditor every year, and select an appropriate company.
- At fiscal year-end, we estimate the amount of assessments and settlements that are highly likely to arise in the future from events occurring prior to the current fiscal year and post reserves in this amount. Obayashi Group provided reserves of 10,529 million yen for losses relating to the Antimonopoly Act at the end of FY 2017.
- Obayashi also communicates important information concerning the company to stakeholders in a fair and timely manner on the TDnet system provided by the stock exchange for timely disclosure.