Risk management
We have established a Group-wide risk management framework for implementing the Hitachi Group’s growth strategy.
Basic Approach
The Hitachi Group’s business activities are transforming amid innovations in digital technologies such as generative AI and advances in globalization, and the types of risks that could significantly affect management are also diversifying. For the Hitachi Group to boost its corporate value over the medium to long term, we believe it is necessary not only to view risks as “threats,” but also to recognize their positive aspects as business “opportunities,” conduct risk management, and create revenue opportunities. From this perspective, the Hitachi Group has developed its risk management structure and risk management processes, and conducts risk management across the entire Group.
Risk Management System
Based on the Hitachi Group’s risk management regulations, we have established a system to identify and share risk information for the Hitachi High-Tech Group and to prioritize responses to high-importance risks. The CRO (Chief Risk Management Officer), who is responsible for risk management for our Group, identifies risks throughout the Group and reports to management and the parent company. The Risk Management Framework classifies and organizes functions and roles into three lines (Three Lines Model). The functions and roles of each of these three lines are as follows.
The first line comprises each business division; as business owners, they coordinate risk management within their divisions and report the status to the CRO. The second line, the Corporate Division, works with the CRO to provide support such as advice and monitoring for the first line’s risk management. The third line, the Internal Auditing Division, verifies and evaluates risk management from a position independent of the first and second lines.
Initiatives for Risk Management
Within the Hitachi Group, we refer to international risk management frameworks such as COSO-ERM and ISO 31000, select the Group’s key risks and formulate response policies, and update them in line with changes in internal and external business environments. To implement risk management comprehensively and efficiently across the Group, our internal rules for Group risk management define risk items, risk evaluation methods and more that are common to the Group. Risk evaluation is performed by assessing impact and likelihood of occurrence for each risk item and creating a risk heat map. For identified and evaluated risks, we consider and implement risk responses. We regularly monitor their effectiveness and implement improvements, including additional responses as needed. We are also engaged in the Promotion of initiatives for Business Continuity Management (BCM) in the event that risks materialize as “threats.”
Image of risk heat map
Initiatives for Business Continuity Management (BCM)
To prevent business interruptions caused by the materialization of risks such as large earthquakes, wind and flood damage, and infectious diseases (pandemics) from having a massive impact on society, we are working to enhance Business Continuity Management (BCM). Specifically, we continuously develop and review Business Continuity Plan (BCP) manuals and conduct tabletop exercises and the like assuming the occurrence of natural disasters, etc.