Logo

Governance

Risk Management

Risk Management

Risk Management Systems

The Isetan Mitsukoshi Group has developed and established a Group-wide risk management system based on the Basic Policy for Internal Control Systems, including such things as the prevention of risks in all business areas and cross-sectional responses to risks when they occur. To achieve sustainable growth for the future in a business environment with diversifying risks, the Isetan Mitsukoshi Group engages in the further strengthening of the systems for promoting risk management, with the safety and security of customers, business partners, and employees as its top priority.

Risk Management Systems

Systems for promoting risk management

Our Group ensures that the Compliance and Risk Management Promotion Meeting, chaired by the president and CEO, is thoroughly informed of risk management systems and policies, and that highly effective measures are taken through three sub-committees (Risk Management Subcommittee, Compliance Promotion Subcommittee, and Cyber Risk Management Project).
Our Group’s risk management system comprises of three lines of defense and five layers that assume risk management in the current organization. Based on the three lines of defense, with each Group company as the first line of defense, the HDS Risk Management Office as the second line of defense, and the HDS Internal Audit Office as the third line of defense, we have strengthened our risk management system by dividing it into five layers with more specifically defined roles (1⃣ Non-administrative departments of operating companies; 2⃣ Administrative departments of operating companies; 3⃣ HDS administrative departments; 5⃣ HDS Risk Management Office; and 5⃣ HDS Internal Audit Office).

Organizations improving the effectiveness of risk management

The Group takes effective measures to prevent the occurrence of priority risks identified by the Compliance and Risk Management Promotion Meeting, through the following subcommittees, thereby implementing a PDCA cycle of suggesting, promoting, and examining more specific countermeasures.
Priority risks are explained in “Concept of risk”

■ Risk Management Subcommittee

This subcommittee works to improve the effectiveness of risk countermeasures by conducting rigorous drills and inspections, as well as formulating measures and BCP to reduce and prevent various risks, including natural disasters and fires.

■ Compliance Promotion Subcommittee

In order to maintain a sense of ethics that is responsive to the times and to correctly respond to rapid changes in the environment, this subcommittee works to foster a compliance mindset as part of our corporate culture by promoting understanding of legal knowledge and administrative trends that management should be aware of, and by linking this to Risk Management Systems practices that comply with the principle of fair trade.

■ Cyber Risk Management Project

This organization maintains knowledge of the latest security trends to optimize the Group’s security technology, improves daily monitoring systems to prevent and quickly respond to any incidents, and provides training to employees.

The PDCA cycle of risk management

  • Based on the basic policies presented at the Compliance and Risk Management Promotion Meeting, countermeasures for specific priority risks are formulated and thoroughly communicated through each subcommittee.
    In order to implement countermeasures, training and voluntary inspection activities are conducted at each Group company. We carry out risk management based on the PDCA cycle, in which monitoring and evaluation lead to further improvements in response measures.

  • The PDCA cycle of risk management

Concept of risk

In assessing risk, our Group strives to understand risks from multiple perspectives, taking into consideration the ever-changing external environment and the Group’s business characteristics and strategies.
We have classified the risks surrounding the businesses of the entire Group into five categories (❶ Management strategy risks; ❷ Financial risks; ❸ Personnel and labor risks; ❹ Disasters and other external risks; and ❺ Operational risks), and have established a flow to regularly evaluate and confirm the progress of countermeasures after further subdividing each risk. Furthermore, should a risk materialize, we consider it to be a risk that could result in damage to property, injury to personnel, impediment to the execution of financial and management strategies, or damage to our reputation. As such, based on the frequency of occurrence and impact on business, we create a risk map (see below), select priority risks among them, and take countermeasures as early as possible.

Risk examples

Category Risk item Damage to property Injury to personnel Impediment to the execution of financial and management strategies Damage to reputation
Management strategy risks Promotion of sustainability management
Strategies to cope with digital society
Adaptation to new business models
Responding to conditions overseas
Financial risks Fundraising

Personnel and labor risks Securing and developing professional human resources
Disasters and other external risks Natural disasters and fires

Information security

Operational risks Commodity transaction risks

Leakage of personal information
Risk map

Specific Initiatives to Mitigate Risks

Responding to Risks Related to Natural Disasters 

In recent years, natural disasters have become more frequent and severe throughout the world due to climate change, and various issues related to the environment have become increasingly apparent.
The Isetan Mitsukoshi Group’s business operations are centered on stores, especially department stores. Therefore, natural disasters such as earthquakes, typhoons, floods, and volcanic eruptions could significantly disrupt the continuity of our store operations. In particular, if a major earthquake were to strike directly under the Tokyo metropolitan area or along the Nankai Trough, it could cause extensive damage to our Group’s customers, employees, and buildings. At the same time, we anticipate that a large-scale disaster would affect our business activities in various other ways, with possible scenarios including restrictions on the use of electricity, voluntary restraints on consumption, and contamination of foodstuffs due to radiation. Furthermore, flooding and inundations caused by typhoons or torrential rain, and damage from strong winds can have a significant impact not only on our customers, employees, and buildings, but also on product supply chains and logistics networks. Finally, supposing an eruption of Mt. Fuji were to occur, ash would be blown over a wide area centered on the Tokyo metropolitan area. This would have a major impact on our systems, logistics, etc., causing disruptions to business and other activities.

Disaster Prevention and Mitigation

The Isetan Mitsukoshi Group has various measures in place in preparation for the onset of a major disaster. These include the formulation of disaster prevention and mitigation measures and action plans for initial response, recovery, and reconstruction in the event of a disaster, as well as regular drills to improve the effectiveness of our response, rigorous checks to ascertain people’s safety, information sharing using IT tools, and other measures to raise awareness of disaster prevention among Group employees.

1. Group Integrated Response Headquarters: Initial Response Drills in Anticipation of a Major Earthquake

In the event an earthquake of intensity 6-lower or above on the Japanese seismic intensity scale or higher is recorded at any of our companies or store locations, or if the secretary-general otherwise deems it necessary, we will establish a mechanism called the Group Integrated Response Headquarters. This headquarters will work to collect and analyze information on damage from each company and branch, respond to and issue instructions on matters requiring group-wide decisions, and systematically conduct activities to ensure the continuation or early restoration of core business operations while placing the safety of customers, employees, and other stakeholders as the top priority. Since FY2021, we have been holding semi-annual initial coordination drills remotely in the anticipation of a major earthquake. These drills are held for members of the disaster response headquarters of each company and store and the Group Integrated Response Headquarters. The purpose of the drill conducted in September 2023, which envisaged a scenario in which a major earthquake had struck directly under the Tokyo metropolitan area, was to ensure appropriate and prompt coordination of information between the disaster response headquarters of the five stores in the Tokyo metropolitan area that would be affected and the Group Integrated Response Headquarters. On the day of the drill, we confirmed the procedures involved in this process, from collecting disaster information from the affected locations to making decisions at the Group headquarters. The purpose of this included lifesaving and emergency response measures to minimize damage, support over a wide area (personnel, relief supplies, financial arrangements, etc.), and resource allocation and planning among Group companies for the early restoration of operations.

  • Group Integrated Response Headquarters at the time of the drillGroup Integrated Response Headquarters at the time of the drill
  • Drill in progress at Isetan Tachikawa StoreDrill in progress at Isetan Tachikawa Store
2. Business Continuity Management (BCM)

The Isetan Mitsukoshi Group has been taking ongoing steps in normal times to revise its business continuity plan (BCP), improve its systems and tools, and establish a documentation system. Furthermore, through education and training, we are implementing a program of BCM, which includes improving the effectiveness of our BCP and cultivating an awareness of crisis management, to maintain and improve the business continuity capabilities of the Group’s core business. We are making constant efforts to improve the issues identified in the course of these activities, sharing them throughout the Group through meetings such as the Compliance and Risk Management Promotion Meeting. The implementation of the PDCA cycle through this series of initiatives has helped to further improve the effectiveness of our Group’s BCM and strengthen our resilience. Also, our Group’s stores and business continuity may be disrupted in the event of a natural disaster or pandemic. For this reason, we have formulated BCPs for each Group company to minimize damage to customers, employees, and business assets, and to ensure the early restoration of operations and business continuity of affected locations in the event of a Group management crisis resulting from the actualization of a risk.

  • In addition to the triggering criteria, these BCPs set out such things as Group-wide decision-making and organizational structures, action plans, target recovery times, and proactive measures to deal with risks during normal times.

  • Business Continuity Management (BCM)
3. Acquisition of Resilience Certification
  • In 2016, Isetan Mitsukoshi Ltd. obtained Resilience Certification from the Association for Resilience Japan, the first time for a department store to acquire this certification. We received this certification in recognition of our efforts in business continuity planning. In 2018, we also received Resilience Certification for our social contributions, granted in recognition of our in-store fundraising activities and our system to support employee volunteer activities. Resilience Certification is Japan’s first certification system for organizations involved in business continuity management (BCM). The National Resilience Promotion Office, Cabinet Secretariat confirms that organizations meet the specified requirements for certification, and the Association for Resilience Japan certifies companies, municipalities, schools, hospitals, and other organizations that are actively engaged in business continuity initiatives.

  • Acquisition of Resilience Certification
4. Working with the Cabinet Office to Raise Awareness of Disaster Preparedness
  • FY2023 marks the 100th anniversary of the Great Kanto Earthquake and thus represents an important opportunity to further strengthen our preparedness for possible future major disasters, such as an earthquake directly under the Tokyo metropolitan area or along the Nankai Trough. The Cabinet Office is collaborating with private companies to raise disaster awareness at the national, household, and office levels and to promote disaster preparedness in daily life. The Isetan Mitsukoshi Group supports this initiative and is engaged in various activities to raise disaster awareness among Group employees.

  • Working with the Cabinet Office to Raise Awareness of Disaster Preparedness

Disaster Management in Japan, Cabinet Office, Government of Japan Website (Japanese)新しいウィンドウで開く

Disaster Management in Japan, Cabinet Office, Government of Japan Website (English)新しいウィンドウで開く

5. Initiatives to Raise Awareness of Disaster Preparedness among Employees

Japan is a disaster-prone country, and in order to protect lives from natural disasters, it is paramount that each and every one of us takes the initiative voluntarily to be prepared on a daily basis. For this reason, the Isetan Mitsukoshi Group publishes articles on things we can do for ourselves to be prepared in its in-house web magazine with the aim of raising disaster awareness among Group employees. The articles focus on natural disasters that are likely to occur at certain times of the year, and are published on a regular basis so that employees can think about their own daily preparedness and actions to be taken in the event of a disaster, thereby contributing to disaster prevention and disaster mitigation.

Addressing Risks Related to Information Security

Here at the Isetan Mitsukoshi Group, we rigorously manage the various information we receive from our customers and business partners on a daily basis in the course of our diverse business activities and services. In addition, with the growth of online purchasing and the proliferation of various digital tools, we utilize numerous systems in our daily business activities. In recent years, Japanese companies have been facing an increasing number of cyber-attacks from both domestic and international sources. To combat this threat, we are striving to further bolster our information security governance. In the event of system disruption or shutdown due to cyber-attacks, or the leakage of personal or confidential information due to unauthorized access, it would take time to respond and restore the system, meaning a risk of disruption to a wide range of operations. As such, we have taken various measures to maintain information security. First, in terms of organizational measures, we have strengthened our information security system and established the Cyber Risk Management Project led by a specialized department to formulate and implement measures to prevent cyber risks on a daily basis, and to respond to security incidents as and when they arise. In terms of technological measures, in order to reduce the risk of cyber-attacks and other threats, we are enhancing our countermeasures by introducing and operating various security tools and systems with the intention of identifying risks and taking action in advance, as well as detecting intrusions and responding to them as early as possible. In terms of personnel measures, we encourage the development of specialist personnel in the Group’s systems division, implement training programs for employees, and conduct targeted e-mail drills at each site on a regular basis as a measure to improve employee literacy regarding information security. Moreover, in order to foster an awareness of these risks among employees, we routinely share information security-related incidents via the intranet. Furthermore, in order to respond appropriately to incidents, we have established the Computer Security Incident Response Team (CSIRT), an organization that enables a rapid response by reporting to and coordinating with external parties such as government agencies and specialized organizations. In addition, the Isetan Mitsukoshi Group has acquired a range of external certifications, including Privacy Mark certification for four domestic affiliates and ISO 20000 and ISO 27001 certification, international standards for information security management systems (ISMS), for Isetan Mitsukoshi System Solutions, which is responsible for the management and operation of our Group’s information services.

*Number of certifications acquired in FY2022 is shown in the ESG Related Data section of our website. ESG Related Data (Corporate Website)

ESG Related Data

三越伊勢丹HDS 総務統括部 総務企画部, 三越伊勢丹HDS 財務・IR統括部 広報・IR部, 三越伊勢丹HDS 総務統括部 コンプライアンス部, 三越伊勢丹HDS 秘書室, 三越伊勢丹HDS 取締役会室 監査委員会運営部, 三越伊勢丹ヒューマン・ソリューションズ 人財開発事業部, 三越伊勢丹HD 内部監査室 内部統制部