Risk Management
Sumitomo Corporation defines a "risk" as "the probability that future cash flows will be higher or lower than projected." It can otherwise be expressed as "uncertainty." For example, it means the possibility of incurring losses due to certain problems and circumstances, expected or unexpected, or lower returns on business activities compared to projections.
To achieve three risk management objectives, namely stable business results, enhanced corporate strength, and the maintenance of trust, we categorize risks into two categories and deal with each accordingly.
1) Quantifiable risks–e.g. uncollectible accounts receivable and reduced inventory values
2) Unquantifiable risks–e.g. losses resulting from human errors and natural disasters
We have developed "Basic Regulations Concerning Management of Firm-Wide Risk" that provide rules and guidelines for activities concerning risk management.
For quantifiable risks, we have established specific risk management regulations for each type of risk (such as "credit risk management regulations") based on the "Basic Regulations Concerning Management of Firm-Wide Risk," and manage such risks based on the procedures set out in these regulations. For unquantifiable risks, the basic policy is to avoid these, or to minimize them as much as possible. We have developed a cross-sector organization for unquantifiable risk management, which identifies risks, decides priorities, develops and implements countermeasures and conducts monitoring. In addition, as part of the company's internal control system review, which is a component of the Internal Control Program launched in 2005, unquantifiable risks (including those of consolidated subsidiaries) are continuously and comprehensively checked and necessary improvement measures are taken.
We believe that risk management in an integrated trading company with diverse business segments should be implemented at two management levels: a company-wide level and business unit level. The Corporate Group aims to improve corporate value through the implementation of company-wide portfolio management measures such as: (1) development of a risk management framework (e.g. rules and structures); (2) development and improvement of unified, decision-making support tools and methods; and (3) after-the-fact monitoring of the risk and return status. In addition, the Loan and Investment Committee is set up to assess and discuss large-scale and important projects from a company-wide viewpoint. On the other hand, each Business Unit takes risk management measures appropriate for its specialized business field to maximize the risk-adjusted return ratio, under the responsibility and discretion of its General Manager.
From fiscal 2007, we are applying stricter criteria for business withdrawal in order to encourage withdrawal from those businesses where capital efficiency is low. We have also established a support system to raise the business value of large-scale and important project.
Internal Regulations for the Management of Quantifiable Risks
To maintain the trust of all stakeholders in the future of its business, the Sumitomo Corporation Group has been implementing its Internal Control Program in order to "improve the quality of business operation" on a global and consolidated basis.
Constant monitoring and upgrading of the groupwide internal control system is indispensable to the Sumitomo Corporation Group's sustained growth and development. Recognizing the Internal Control Program as an important management tool and having established a track record in building formidable systems over a two-year period since its introduction in 2005, we have been able to expand and root the program horizontally across the entire Group to cover every facet of operations.
Internal Control Promotion Structure
The Sumitomo Corporation Group comprises eight Business Units that encompass domestic and overseas operations and many Group companies dispersed throughout the world. It is essential that the Sumitomo Corporation Group maintains a uniform standard for the quality of business operations, irrespective of the business sector or geographical region where they take place. Moreover, such standards must meet the expectations of our stakeholders.
From this perspective, in July 2005, we compiled a checklist based on the COSO Framework*, which serves as an international standard for internal control. Using this checklist, we set about making a thorough assessment of the current status and effectiveness of our internal controls. The checklist covers points pertaining to general operations that should be common to operations across the Group, including risk management, accounting and financial controls and compliance.
Through the implementation of the Internal Control Program, we are undertaking assessments at around 500 domestic and overseas operations that are aimed at conducting assessments of all Group operations, irrespective of industry field, region, or size. The Planning and Administration Department in each Business Unit and other relevant departments are reviewing the assessment results while supporting the formulation, establishment, and implementation of necessary improvement measures.
* COSO Framework:The COSO Framework defines internal control as a process required for the achievement of three objectives, which are reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. It was announced by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in 1992.
Reflecting assessment results in fiscal 2005, to address the issues identified through the Internal Control Program in individual organizations, we have implemented such initiatives as operational flow reassessments and system upgrades during the fiscal year under review. Meanwhile, the Corporate Group, in cooperation with other organizations, has established or renewed relevant rules, reviewed the method of internal control-related systems for Group companies and executed other necessary measures from a Groupwide perspective.
We have also identified especially important daily operational matters in the Internal Control Program checklist as "Primary Monitoring Check Items," and compiled the "Essence of Controls," a manual that explains the rationale behind laying out control processes and points that require special attention. These actions helped us to a great extent in conducting highly reliable assessments.
We apply the same principle to subsidiaries to be established and external corporations to be acquired. By performing adequate internal control assessments for these entities, we make sure that they have a certain level of internal control standards in place and in operation and that these standards are on a par with those embraced by the Group as a whole.
The new Japanese Company Law, which came into effect in May 2006, calls for companies to establish "systems ensuring that the execution of duties by directors conforms to legal regulations and their Articles of Incorporation as well as systems ensuring that business processes are handled appropriately." Having previously established various systems and frameworks, the Sumitomo Corporation Group already fulfills the requirements of the new Company Law.
The Internal Control Program has the task of monitoring these systems, periodically and comprehensively, to ensure that they are functioning adequately and making any necessary improvements.
Looking ahead, we are working to secure compliance with internal control-related rules stipulated in the Financial Instruments and Exchange Law, which will take effect in fiscal 2008. We will achieve this goal by channeling fruitful outcomes from the implementation of the Internal Control Program and taking full advantage of our already established internal control promotion structure. Pursuing absolute compliance with the said law, we aim to further improve our quality of business operation.
As described above, tireless reviews and constant improvements of our control processes based on the Internal Control Program collectively constitute an irreplaceable pillar supporting the Sumitomo Corporation Group's sustained growth.
Sumitomo Corporation works to enhance its information management system to maintain and improve information security. Our approach to this end includes the development of internal rules and manuals as well as the provision of employee training and awareness-raising activities, with a focus on taking preventive measures against risks identified within the Group relating to leakages of confidential information and compliance with the Personal Information Protection Act, which came into full effect in April 2005.
