Promotion of Risk Management

Last updated : July 25, 2018

With respect to business risk management, NTT has established Risk Management Rules stipulating basic policies on risk management with the aims of, among others, anticipating and preventing the materialization of potential risks and minimizing losses if any risk materializes. Chaired by a senior executive vice president, the Business Risk Management Committee spearheads efforts to develop and operate a PDCA cycle for managing risks. During the fiscal year under review, the committee held one meeting during which discussions involved identifying risks that could potentially have a Companywide impact, policies for managing such risks, and other such matters.
NTT has also formulated the NTT Group Business Risk Management Manual, and distributed it to each Group company, in order to facilitate Groupwide risk management initiatives. On the basis of the manual, which stipulates matters that include proactive measures for potential risks, collaborative Groupwide approaches and policies for addressing risks that materialize, and pathways for communicating information, systems have been developed and implemented that enable swift action to be taken.

Identification of Risks / Specified Material Risks

From time to time, NTT reviews assumed risks and management policies based on changes in the social environment.
In the identification of risks, the Business Risk Management Committee plays the central role. Analysis processes for the risks faced by NTT Group are formulated, and risk analysis is periodically implemented in accordance with these processes. In this way, Companywide risks are identified. In addition, correlation analyses are implemented for these risks. Those risks with the potential to have the greatest influence are specified as "material risks," and countermeasures are formulated.

Information Security Risk

If there is a leak or other misuse of confidential information, such as personal information, the action may affect NTT Group's business, including its credibility and reputation, and the Group's ability to obtain new subscribers or secure governmental contracts may be adversely impacted.
To prevent such a situation, NTT Group is making efforts to protect confidential information obtained in the course of its business, including the personal information of customers. In addition, NTT Group has formulated the NTT Group Information Security Policy, which outlines its stance on ensuring information security. Furthermore, NTT Group continues to take steps on a Groupwide basis to protect the personal information of customers and prevent any leakage, including enhanced internal information management; the prevention of improper access; the implementation of physical, system-level security measures to prevent information loss, alteration, leakage, etc.; training and awareness-raising for officers and employees; appropriate supervision of contractors; and the publication of manuals.

Disaster Risk

Five Group companies—NTT, NTT East, NTT West, NTT Communications, and NTT DOCOMO—have been designated as public institutions under the Basic Act on Disaster Control Measures.
Accordingly, in preparation for a disaster, NTT Group has formulated the Disaster Management Operation Plan for the purpose of smooth, appropriate implementation of measures to prevent damage.
Damage prevention measures require an ongoing process of periodic review to reflect the latest knowledge and legal revisions. In June 2014, the Japanese government revised the Nankai Trough Earthquake Countermeasures Basic Plan. In response, NTT Group has revised the Disaster Management Operation Plan and is strengthening damage prevention measures.

Investment Risk

NTT Group actively engages in joint ventures, alliances, and collaborations, both domestically and overseas, as well as acquisitions and other strategic investments in order to respond rapidly to changes in market structures and customer needs. Before investments are made, commercial viability and risks are investigated and analyzed. In addition, after investments are made, monitoring is conducted periodically. In these ways, the Group is working to obtain the expected investment returns and to strengthen governance and risk management.
In regard to investments by NTT Group companies, consultation and advance reporting are required for projects that exceed a certain scale, and commercial viability and risks are investigated and analyzed. After investments are made, major projects are monitored in accordance with KPIs that have been established in advance.