Risk Management

Internal Control System and Risk Management

Basic Stance

In order to enhance the Tokyo Electron Group’s corporate value and remain accountable for our actions to our stakeholders, we are making efforts to strengthen effective internal control. This involves implementing practical measures that are in line with the Fundamental Policies concerning Internal Controls within the Tokyo Electron Group, set out by Tokyo Electron’s Board of Directors. We are also annually evaluating our internal control over financial reporting based on the Financial Instruments and Exchange Act of Japan.

Risk Management System

To more effectively strengthen the risk management systems of the entire Group, Tokyo Electron has established a dedicated risk management unit within the General Affairs Department of the corporate headquarters. This function analyzes the risks faced by the Group and identifies material risks. It then monitors the management of such risks while supporting and implementing risk management activities. The function also regularly reports the status of risk management activities to the Audit & Supervisory Board Members and the Board of Directors.
In fiscal 2017, the Group reassessed the material risks in its operating environment. For each risk determined to be material, the status of risk management at the responsible divisions was reconfirmed. Going forward, the Group will continue these initiatives to enhance the efficacy of its risk management framework.

Auditing by the Internal Audit Department

The Global Audit Center of the corporate headquarters is the Group’s internal audit department. This Center is responsible for auditing business activities, compliance and systems at domestic and overseas Group companies and business units (BUs) in accordance with each fiscal year’s auditing plan. The Center also annually evaluates the effectiveness of the Group’s internal control over financial reporting based on the Financial Instruments and Exchange Act of Japan.
At operating divisions where issues have been identified through audits and assessments, the Center monitors progress and provides necessary guidance for improvement.

Business Continuity Plans (BCPs)

The Tokyo Electron Group began building business continuity plans in 2003. After the Great East Japan Earthquake, the Group rebuilt these plans to be more effective and include provisions for restoring operations after crises, focusing on major business sites. As examples of specific initiatives, the Group has put considerable effort into such preparations for disasters as stockpiling emergency supplies (including food and drinking water), reinforcing essential infrastructure, rebuilding the safety confirmation system, creating manuals, and implementing drills and employee training.
Furthermore, to meet its responsibilities as an equipment manufacturer, the Group pursues ongoing efforts to improve its BCPs, including taking steps to facilitate early recovery and alternate production.
And also, following the experience of the Kumamoto Earthquake, reinforcement work is being conducted for buildings at bases in Japan to improve their seismic resistance.

Information Security Management

To ensure the appropriate management of information assets, the Group has an information management framework centered on its Information Security Committee, which is composed of representatives from departments across the Group.
The Information Security Committee acts as a decision-making body for the Group. Rules concerning the handling and protection of such sensitive information as trade secrets and personal information are formulated based on the committee’s policy and applied throughout the Group. An e-learning system is used to educate and promote awareness of these rules among Group employees and executives.
Additionally, the Group has a reporting system for both actual and potential cases (incidents) of information leakage. Reported incidents are quickly settled and then analyzed. Based on such analyses, recurrence prevention measures are implemented throughout the Group.
In order to mitigate emerging cyber security threats, the Group examines and undertakes rational countermeasures as necessary. The Group also has in place systems to detect targeted threats that utilize social engineering as well as a supervisory framework to prevent damage.