Risk Management

Approach

The DENTSU SOKEN Group has set management rules to identify factors that hinder the achievement of management objectives or threaten the conduct of business activities. Accordingly, it has measures in place to prevent risks from being taken, and to minimize impact should they arise. To make this possible, we promote appropriate risk management and collect timely information on possible risks across the organization.

Structure

The DENTSU SOKEN Group manages risks from an overview of the Group as a whole under the Sustainability Promotion Council, which comprehensively promotes sustainability-related initiatives.

The Sustainability Promotion Council identifies and evaluates the risks that the Group assumes when conducting business activities, determines the most critical risks, decides the departments and managers to address them, provides instructions for formulating risk response plans, and monitors the implementation of countermeasures. The results are reported to the Board of Directors.

The DENTSU SOKEN Group Risk Management Structure is as follows.

Organizational chart
Board of Directors

・Monitoring the status of risk management and ensuring the effectiveness of management systems.
Sustainability Promotion Council

・Collection of risk information from us and the Group companies, risk identification and evaluation

・Determination of the most important risks and the department/manager in charge of the risks

・Consideration and coordination of policies for dealing with group-wide issues

・Monitoring the progress and risk status of risk response plans
Departments Responsible for Addressing
Risks & Subcommittees

・Formulation of risk response plans and implementation of risk countermeasures
Risk Management Departments of
Each Group Company

・Identification of the company's most important risks and formulation and implementation of risk response plans

Risk Management Process

Identifying, Evaluating Risk

The Sustainability Promotion Council identifies potential risks in the business environment, the Group’s business strategy, its business-related and crisis management; among its personnel and labor force; as well as in the areas of accounting and finance, leagal, corporate governance, information security, and ethical compliance.

This is done through interviews at each business division, management division, and the Group companies. Risks identified are evaluated regularly on the basis of probability and possible impact.

Compelling Risks

The Sustainability Promotion Council identifies risks that have the potential to significantly impact business continuity based on the results of risk assessments, defines these risks as "most critical risks," and then selects the department and people in charge of addressing each of these risks.

Planning Responses

The risk management departments of the responsible divisions and group companies compile preventive measures to avoid the materialization of "most critical risks" and risk countermeasures to minimize the impact if such risks do materialize into a risk response plan. This plan is then submitted for approval or advice from the Sustainability Promotion Council.

The plans are approved or advised by the Sustainability Promotion Council.

Response Implementation, Risk Monitoring

Departments responsible for addressing risks and the Group companies do so according to approved response plans, as well as compile, and keep updated, manuals on the relevant regulations.

The Sustainability Promotion Council conducts reviews of risk response plans and the status of risks, reporting the results to the Board of Directors.

Should risks arise, the committee instructs the addition of necessary risk countermeasures, as well as the improvement and implementation of the plan.

Details on risk management and an overview of countermeasures against significant risks are disclosed in the Securities Report.

Business Risks

The DENTSU SOKEN Group has set management rules to identify factors that could potentially hinder the achievement of management objectives or threaten the conduct of business activities. However, the risks identified herein do not necessarily represent the entirety of such potential risks, and in the future the Group could be impacted by unanticipated risks or other risks that are considered to be of low importance.

Critical Risks

  • 1.
    System Development-related Risks
    When providing system development services, the DENTSU SOKEN Group may encounter unexpected issues during the development process, and due to these issues, could incur higher development costs that potentially could reduce profitability. In addition, if serious failures occur following delivery and these deficiencies interfere with client operations, the Group may incur costs associated with the restoration of system quality, resulting in lower profitability, potential claims for damages, loss of credibility, and other negative consequences.
    For this reason, the Group has established a Project Management Office (PMO) Committee for evaluating system and software product development plans from the pre-proposal stage. When conducting these evaluations, the committee focuses primarily on required specifications, potential technical challenges, order value, development periods, and development cost estimates. Throughout the entire process, extending from order acquisition to final delivery, the committee also monitors and measures progress against pre-established plans to ensure appropriate management of development risks. Furthermore, to minimize the possibility of potential issues, the DENTSU SOKEN Group standardizes its development processes and actively promotes a variety of educational measures related to technology, including the sharing of technical expertise.
  • 2.
    Risks Associated with Securing and Training Human Resources and Labor Management
    The operating results of the DENTSU SOKEN Group may incur impact if the Group is unable to adequately secure and train the capable human resources it requires, or if productivity declines due to deteriorating labor conditions or other negative factors.
    Accordingly, the DENTSU SOKEN Group continuously strives to enhance its new graduate and mid-career personnel recruitment activities, while also stepping up its employee education and training efforts, and ensuring appropriate personnel placement. At the same time, the Group has adopted, and remains consistently committed to improving, a variety of supportive programs that include a discretionary labor system, a retirement age of 65, a fellowship system, childcare and nursing care programs, and an array of other mechanisms that help employees balance their work and family responsibilities. In this connection, the Group implement various human resource policies to support employees in achieving a work-life balance, such as managing appropriate working hours and promoting initiatives to maintain and improve health.
  • 3.
    Business Continuity Risks
    In the event of natural disasters such as major earthquakes, torrential rains, outbreaks of serious infectious disease, or changes in the societal landscape, the DENTSU SOKEN Group’s financial position or operating results may incur impact in the form of countermeasure costs or service delays.
    Thus, the Group has put together a variety of response manuals in preparation for a range of crises, a system for taking timely and appropriate countermeasures, and a remote work system and environment that enables smooth business operations to ensure the safety of its full- and part-time staff, as well as the continuity of its business operations.
  • 4.
    Information Security Risks
    If, due to computer viruses, cyber-terrorism, human error, or other causes, our internal information systems or those we provide to our customers are compromised, or if associated services are suspended or interrupted, or if personal or confidential information is leaked, we may face claims for damages from customers or other affected parties, loss of credibility, or operational stagnation.
    Accordingly, through our Information Security Subcommittee, which oversees the information security management of the entire Group, we have established and are enforcing various regulations and guidelines, and the DENTSU SOKEN Group as a whole is maintaining a firm and unified commitment to information security management. While continuously targeting improvements in the security of our systems and networks, we are implementing a variety of comprehensive cybersecurity measures and have set up a security education platform through which the education and training of all executives and employees is ongoing. DENTSU SOKEN and its major Group companies have acquired certification under ISO/IEC 27001:2013 (the international standard for information security management systems) and its national Japanese equivalent, JIS Q 27001:2014. We, meanwhile, have been authorized under the PrivacyMark System, a third-party certification program for personal information protection systems .
  • 5.
    Compliance Risks
    The DENTSU SOKEN Group could face damage to its credibility or business performance-related impact in the event of compliance issues or violations of laws or ordinances.
    In view of this, the DENTSU SOKEN Group has adopted and actively enforces the Dentsu Group Code of Conduct, the Basic Policy on the Rejection of Boryokudan (organized crime groups) and Our Declaration of Conduct, which serves as a behavioral standard for all Group employees. At the same time, we place the highest possible priority on compliance with all applicable laws and regulations, including Japan’s Companies Act, Financial Instruments and Exchange Act, and Act on the Protection of Personal Information. In addition, we ensure legal and regulatory compliance through measures such as compliance education for all directors and employees and an internal reporting system consistent with the Ministry of Health, Labour and Welfare’s Whistleblower Protection System.
  • 6.
    Risks Related to M&A and Other Investments
    The DENTSU SOKEN Group may invest in domestic or foreign companies or new businesses if it determines that such investments will effectively accelerate the growth of its operations or facilitate competitive advantages within the marketplace. However, if the Group is unable to execute its business plans due to significant changes in its operating environment or other factors, these investments could potentially impact the Group’s operating results.
    Hence, the Group remains committed to investing only after thoroughly evaluating feasibility through analysis of factors such as market trends, customer needs, as well as the performance, financial position, and technological superiority of the candidate for acquisition. Further, we have formed the Investment Committee, which conducts preliminary reviews of matters falling under the purview of the Management Council or Board of Directors, and established systems for screening projects, monitoring the business conditions of investee companies, and promptly formulating countermeasures when circumstances prevailing at the time of investment are not commensurate with projections.
  •  

Other Material Risks

  • 1.
    Risks Related to Changes in Management Policies of Customers, etc.
    If factors such as changes in social or economic conditions cause sudden shifts in the information technology investment trends of our customers, our Group’s business performance may incur an impact as a result.
    Accordingly, we closely monitor economic trends in Japan and overseas, promptly implementing necessary countermeasures, including the cultivation and development of management strategies and new solutions adapted to market needs.
  • 2.
    Risks Associated with Service Competitiveness
    Customer needs and technologies in the information services industry are evolving rapidly, and competition is intensifying as many new companies enter the market. If the DENTSU SOKEN Group were to fail to respond to these rapid changes or lag behind current trends in terms of technical innovation, its operating results could be adversely affected.
    The DENTSU SOKEN Group thus promptly implements necessary countermeasures, including the cultivation and development of management strategies and solutions adapted to market needs through proactive research and development (R&D), ongoing optimization of internal structures and organizations, as well as both investments in and alliances with companies in Japan and overseas. We also work to improve the value we provide by enhancing the functions of our software products and expanding our services.
  • 3.
    Risks Associated with Suppliers and Subcontractors
    The DENTSU SOKEN Group outsources some of its operations to external subcontractors. Consequently, the Group’s operating results are subject to potential impact if they encounter factors such as growth in per-unit outsourcing costs caused by tight supply and demand conditions associated with subcontractors. Particularly when outsourcing to overseas subcontractors, the Group can face unforeseen circumstances stemming from local social conditions. Besides, if suppliers of software products and information equipment procured and sold by the Group adjust their management policies or business plans, the changes potentially could disrupt the Group’s efforts to provide products and services to its customers. Notably, changes in the management policies of Siemens Corporation, a critical supplier of CAD/PLM, could impact the Group's business performance.
    Hence, the Group works to maintain and improve profitability through ongoing efforts targeting cost structure optimization. These efforts include joint initiatives with subcontractors to standardize system development and improve productivity, as well as appropriate price pass through, and cultivation of new subcontractor partnerships. As well as maintaining close relationships with product suppliers through the formulation of joint sales strategies, we continuously strive to promptly identify Japanese and overseas companies equipped with cutting-edge technologies and highly competitive products and services.
  • 4.
    Intellectual Property Risk
    If a third party files a lawsuit or claim against the DENTSU SOKEN Group’s systems, software products, or services for infringement of intellectual property rights, the Group could be held liable for damages and incur expenses for the development of alternative technologies. In addition, the Group could fail to generate anticipated earnings through its own intellectual property rights or could incur a negative impact on its operating results if other companies infringe on these rights, or if products that imitate or similarly duplicate the functionality of the Group’s professional software appear on the market.
    So that this might be avoided, the Group strives to raise employee awareness of intellectual property rights by researching patents, trademarks and other property rights held by third parties, holding consultations regarding any relevant issues that may arise during projects, and providing education and training programs.
  • 5.
    R&D Investment-related Risk
    The DENTSU SOKEN Group maintains a management strategy of proactively investing in R&D to facilitate the creation of business opportunities and support the development and delivery of future high-value-added solutions. However, if the Company becomes unable to meet its R&D investment targets, it may not be able to create new businesses or improve its services as planned, resulting in operational stagnation. And, should the results generated through products and services completed through investment not achieve projected targets, the Group may recover invested funds more slowly than expected, or become unable to recover these funds, which could impact its financial position and operating results.
    For these reasons, the Group set up its Investment Committee, which serves as an investigative body responsible for issues associated with R&D concerning products and services. Through this committee, the Group reviews and confirms the progress of projects, while monitoring the status of investments and the recovery of invested funds, thereby providing a framework to prevent risk.
  • 6.
    Risks Pertaining to Climate Change
    Risks posed to the DENTSU SOKEN Group due to climate change include transitional risks caused by changes in policies, laws and regulations, technology, and markets, as well as physical risks, such as service provision delays due to an increase in natural disasters brought about by climate change. Any delay in responding to these risks could impact business performance and medium- to long-term corporate value.
    The Group is therefore taking steps to address the risks of climate change. Based on the framework of the “Task Force on Climate-related Financial Disclosures (TCFD),” we are working to strengthen climate change countermeasure governance, as well as analyzing risks and opportunities and conducting scenario analysis in light of their financial impact. Our analysis is that the financial impact of climate change risks will be limited when it comes to the Group, but for the sake of further risk reduction, we will implement a rigorous environmental management system in accordance with ISO 14001, while concurrently working to reduce CO2 emissions through greater use of renewable energy and the utilization of carbon credits. At the same time, we aim to create business opportunities related to climate change countermeasures, and to that end we are also working to develop and provide new solutions that help achieve decarbonization and the circular economy and support ESG management.
  • 7.
    Capital Relationship with Dentsu Inc.
    As end of current consolidated fiscal year, Dentsu Inc. owned 61.8% of the Company’s issued and outstanding shares.
    The DENTSU SOKEN Group is committed to maximizing business synergies generated through cooperation with its parent Group. At the same time, it ensures that important material issues concerning the execution of operations associated with business development are reviewed and ruled on by its Board of Directors, the majority of which are independent outside directors. We recognize that our efforts aimed at business growth and development through cooperation with our parent Group—while maintaining our autonomy and independence as a listed company—serve the interests of our non-controlling shareholders.

Information Security

The DENTSU SOKEN Group considers it important to strictly manage information held by the Company and that obtained from business partners. In addition to complying with the Dentsu Group Basic Policy for Information Security, we have rules and guidelines to appropriately manage information across the Group.

The information security system is operated by director in charge of information security, information security chief administrator, and promotion members in each department. Through the Information Security Committee led by the director, we seek to maintain and improve information security by disseminating the rules, introducing and carrying out appropriate measures, and at the same time checking, reviewing, and improving security as necessary.

Further, in a bid to eradicate breaches of information security, we provide e-learning programs on information security for all officers, full-time employees1, and temporary workers2 (FY2024 participation rate: 100%)3, as well as conduct in-house caravans to check and improve security efforts in each workplace.

To protect DENTSU SOKEN information from the increase in cyber-attacks, we constantly are improving the security level of our systems and networks. At the same time, we conduct comprehensive cyber security training, which includes teaching all officers and employees how to handle targeted email attacks.

Notes:
  • 1.
    Direct hires and contract employees.
  • 2.
    Temporary workers from staffing agencies
  • 3.
    Non-consolidated basis
Organizational chart

Security Management Certification

In December 2000, DENTSU SOKEN was awarded the Privacy Mark that is given to business operators that appropriately handle personal information. The award was made by the Japan Institute for Promotion of Digital Economy and Community (formerly the Japan Information Processing Development Corporation), in recognition of our bid to manage personal information appropriately.

In March 2005, DENTSU SOKEN was awarded information security standard BS 7799 certification, and the ISMS certification standard as a group, both of which are international standards.

Later, BS 7799 was changed to ISO/IEC 27001 and, as of January 6, 2025, a total of 47 companies, including Dentsu Group Inc., 45 Dentsu Japan companies, and 47 CLUB, which is a Dentsu-affiliated company, have acquired ISO/IEC 27001: 2013 and JIS Q 27001: 2014 certification (standards in Japan that have been made into Japanese Industrial Standards (JIS) based on ISO/IEC 27001).

BS7799/ISMS認証基準
プライバシーマーク 11820084(13)
Certification status within the DENTSU SOKEN Group

ISO/IEC27001 certification: Six companies in Japan including DENTSU SOKEN (six of seven companies, approx. 86%)

Types of Personal Information and Purposes of Use

DENTSU SOKEN uses personal information for the following purposes. We will determine the appropriate storage period for personal information on an individual basis, taking into account the purpose of use, quantity, nature, confidentiality, and necessity of retaining personal information for legal and business purposes. When the handling of personal information is no longer necessary, or when the retention period has expired, DENTSU SOKEN will delete personal information using a secure method, or if that is not possible, we will securely store personal information until it can be deleted, and thereafter prevent any new use of personal information.

For additional details, please refer to our Personal Information Protection Policy

Types of Personal Information Purposes of Use
Customer information
  • Provision of products and services handled by DENTSU SOKEN INC. and Group companies, including consulting services, software product sales and support, system integration services, and information processing and communication services
  • Business communications with business partners
  • Performance of contracts entered into between business partners and DENTSU SOKEN (not for use of retained personal data)
  • Distribution of PR magazines and other publications by DENTSU SOKEN
  • Information on products and services handled by DENTSU SOKEN and Group companies
  • Information on seminars, exhibitions, and other events held (sponsored, co-sponsored, or supported) by DENTSU SOKEN and Group companies
  • Requests for participation in customer satisfaction surveys and other questionnaires
Business partner information
  • Management of individual business partner employees and temporary workers based on the fulfillment of various contracts
Shareholder information
  • Responses to shareholder rights execution and fulfillment of obligations to shareholders in accordance with the Commercial Code and other relevant laws and regulations
Information on DENTSU SOKEN INC. and Group employees
  • Confirmation of employee personnel and labor management, accounting, general affairs, and other business matters
  • Activities including the recruiting and hiring of employees
Information pertaining to various types of inquiries
  • Responses to inquiries or requests pertaining to DENTSU SOKEN
Information necessary for the purposes of use listed on the right, including the above information
  • Other purposes for which the individual will be notified in advance and consent has been received
  • Other uses deemed reasonably necessary for the execution of DENTSU SOKEN business

Data Leak Prevention Measures

The following measures are in place to prevent data leaks and respond in the event a data leak occurs.

Measures for Preventing Data Leaks Before They Occur

To prevent data leaks before they occur, we limit access to information assets to the extent possible and regularly confirm validity and accuracy. Further, as technical measures for systems and networks, we implement multi-factor and multi-stage authentication, encrypt communications and storage, employ endpoint detection and response (EDR), and use vulnerability management services, while also regularly conducting security audits of systems and networks to discover and correct vulnerabilities as quickly as possible. In addition to these measures, we make efforts to raise awareness regarding data leak risks and countermeasures by continuously improving regulations and guidelines in response to social technological trends and demands, and the thorough provision of security training to officers, full-time employees, and temporary workers.

Countermeasures in the Event of a Data Leak

In the event of a data leak, the Information Security Committee Secretariat acts as the first point of contact, and the incident is managed centrally on the system in accordance with a series of procedures. Additionally, we have established a technical support system (DENTSU SOKEN CSIRT) to quickly and efficiently respond to incidents, including cyber-attacks, and are prepared for emergencies through the creation of response procedures and ongoing response training. We also implement ongoing improvement activities to formulate response procedures in line with training results, social technological trends, and other demands.

Enhancing Information Security Management for Business Partners

To maintain the same level of security among all our business partners, DENTSU SOKEN enters into appropriate agreements, including confidentiality clauses, and requires that business partners comply with information security regulations. We also regularly assess our business partners to confirm their compliance status.

Intellectual Property

The DENTSU SOKEN Group considers intellectual property to be one of its important management assets and strives to protect its own intellectual property and respect the intellectual property of others. In compliance with the "Dentsu’s Global Intellectual Property Principles," we are working to protect and utilize intellectual property by developing and operating various regulations and guidelines.
 

Structure

At DENTSU SOKEN, the Legal and Intellectual Property Department accepts requests for and consultations regarding intellectual property, mainly patents, trademarks, and design rights, from each department, and appoints appropriate patent attorneys and other experts as needed to carry out initiatives such as acquiring and maintaining rights, and conducting conflict investigations. The Legal and Intellectual Property Department also accepts and supports consultations from each company in the DENTSU SOKEN Group.

Training

DENTSU SOKEN is continuously working on intellectual property education, such as making it mandatory for new employees to take training on the handling of copyrighted works such as programs. We conduct enlightenment activities regarding intellectual property for employees by posting materials and video content explaining the content of intellectual property and the procedures for acquiring rights on the in-house portal so that they can be viewed at any time.

Crisis Management

DENTSU SOKEN maintains various manuals in the event of a crisis, such as a major earthquake or the outbreak of a serious infectious disease. This it does to ensure that employees and business partners are safe, and that a business continuity structure is in place.

Specifically, in terms of disaster response, we regularly carry out practical work training and desktop simulations, and as a measure for people who, in times of emergency, may have difficulty returning to their homes, assuming that employees and business partners will remain at work for some time, we stockpile drinking water, food, portable toilets, and other necessary items at each business site. We also have a safety confirmation system, in connection with which training is ongoing.

Further, to ensure the safety of DENTSU SOKEN employees abroad on business, as well as employees and business partners working at DENTSU SOKEN Group companies overseas, we work with external consultants to formulate business trip approval standards, according to the degree of risk involved such as local security conditions, as well as create an Overseas Safety Handbook that outlines the precautions and safety measures to be taken when abroad.