Mazda 2015 Annual Report Download - page 32

Download and view the complete annual report

Please find page 32 of the 2015 Mazda annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 66

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66

managerial consequences, Mazda takes appro-
priate measures in reference to its internal reg-
ulations, including establishing an emergency
response taskforce when necessary.
Risk management is further enhanced by the Risk
Compliance Committee, where key agenda items
are established annually and the risk management
status in each department is confirmed/evaluated.
Moreover, to prevent suspension of its busi-
nesses from causing a serious impact on society,
Mazda has been developing measures for possi-
ble future large-scale earthquakes, such as the
expected Nankai Trough earthquake.
Response to Accidents and
Other Emergencies
Mazda has been systematically undertaking pre-
paratory measures for major earthquakes since
the March 2004 fiscal year. Examples of such
“hardware and “software measures include
quake-proofing buildings and facilities, and rais-
ing embankments, as well as maintaining emer-
gency-contact networks, organizing self-disaster-
defense teams, developing response manuals,
selecting tsunami evacuation areas, and carrying
out evacuation drills.
Disaster drills are held annually both jointly
with the fire authorities and solely by Mazda’s
self-disaster-defense teams to confirm initial re-
sponse to an emergency.
Further, based on lessons learned from the Great
East Japan Earthquake, Mazda has communicated
to all employees the procedures for initial responses
and manuals for operating self-disaster-defense
teams, which were newly clarified in the March 2014
fiscal year, with the aim of confirming and reviewing
the precautions and initial responses in each work-
place. Steady efforts to enhance both “hardware”
and “software” aspects of emergency readiness
will continue in preparation for the Nankai Trough
Earthquake or other large earthquakes and tsunami
associated therewith.
Information Security
Personal information and other important infor-
mation are appropriately managed and pro-
tected based on the established information
management policies and internal regulations,
so as to ensure information security.
To raise employees’ awareness about infor-
mation security, Mazda requires its employees to
execute training on the management of confi-
dential information, protection of personal infor-
mation, and IT security. Upon newly joining the
Company, management of confidential informa-
tion is covered in the introduction program,
while e-learning is used for personal information
protection and IT security training. Other con-
tinuous education efforts are also available,
including an Intranet site dedicated to informa-
tion and knowledge on information security.
For companies in the Mazda Group, Mazda
provides guidelines and educational tools regard-
ing information security, realizing a group-wide
effort to ensure information security.
IT Security Management Rules
The IT security policy based on the BS 7799*
framework has been established as IT security
management rules, under which the mecha-
nisms for security control and monitoring that
should be incorporated into IT systems are
determined. Whether such mechanisms are
properly installed and operated is confirmed on
both a regular and random basis.
* Standards on information security management established by the
British Standards Institution (BSI), on which ISO/IEC27001 & 27002,
the current international standards for information security management,
are based.
Business Management System
Risk Management
Mazda makes continuous efforts to identify and
reduce various internal and external risks in accor-
dance with the Basic Policy on Risk Management,
Risk Management Regulations, and other related
internal regulations, so as to ensure continuous
and stable progress of business activities.
Among the risks identified, considering the
level of importance, individual business risks are
managed by the department in charge of that
business area, while company-wide risks are han-
dled by departments that carry out business on a
company-wide basis. These departments manage
the risks appropriately, following the PDCA cycle.
In the event of an emergency, such as a nat-
ural disaster or situation that creates serious
Internal Controls
Mazda has established the Mazda Corporate
Ethics Code of Conduct, which states action guide-
lines for employees, the Finance Control Guideline
for global financial control, and other guidelines.
Based on these guidelines, each department
develops rules, procedures, manuals, etc. to pro-
mote establishment of internal control.
For Group companies, cooperative systems
have been established, in accordance with the
Domestic Affiliates Administration Rules and
the Overseas Affiliates Administration Rules.
At Mazda side, the department responsible
for each Group company supports training and
system improvement at respective Group company.
Mazda Internal Controls
Enhancement of IT Security
Setting IT Security Management Regulations
IT system auditing, etc.
Monitoring
Self-diagnosis of internal controls
Internal auditing, etc.
Information and Communication
Internal control sign-off system
Mazda Global Hotline, etc.
Control Activities
Developing / operating work processes
(Developing procedures, manager approvals, etc.)
Risk Assessment
Risk Compliance Committee
Revising self-diagnosis checklist, etc.
Efficacy /
Efficiency
Financial
Reporting Compliance Asset
Protection
Control Environment
Mazda Corporate Ethics Code of Conduct
Finance Control Guideline, etc.
Overseas Group Companies
Group Companies in Japan
Mazda
Emergency Risk Management Structure
Executive Officer in charge of Risk Management
Emergency Response Taskforce
Representative Director and President
Departments within Mazda
For incidents that fall outside the scope of existing risk management
organizations and require a coordinated interdepartmental response,
the executive officer in charge of risk management will consult with
the president, establish an emergency response taskforce, and
appoint a general manager for this taskforce.
Mazda Group Companies
Instruction, assistance
Promotion
Risks at company-wide level
Risk Management Structure in Normal Times
Executive Officer in charge of
Compliance & Risk Management
Department in charge of promoting
risk management
Department responsible for each risk
Risk Compliance Committee
Representative Director
and President
Executive Officers
in charge
Departments within Mazda Mazda Group companies
Individual business risks
Mazda Annual Report 2015
30
Foundations Underpinning
Sustainable Growth
CONTENTS
Growth Strategy
Message from Management
Corporate Data
Introduction
Review of Operations