As part of directors' due diligence, Capcom developed the following internal control system based on the Companies Act and its enforcement regulations to ensure that all Group company practices comply with regulations and are executed in an efficient manner.
To strengthen the management monitoring function and enhance corporate value, Capcom strives to prevent illegal activities and ensure compliance through regular Compliance Committee checks while attempting to invigorate and heighten the monitoring function of the Board of Directors in accordance with advice and recommendations from the three external directors.
(1) System for storage and management of information related to directors' performance of duties
The appropriate management and storage of documents and information such as the minutes from board meetings is conducted in accordance with "document management regulations."
(2) System Regulations, etc. Concerning Risk Management
We are working to see that with "crisis management regulations," and other such means the system-wide risk management structure functions to proactively prevent crises and execute the appropriate actions if unforeseen events occur.
(3) System to Ensure that Directors Perform Duties Efficiently
Capcom introduced a Corporate Officer System under which the duties of the Board of Directors, which decides business policy, and corporate officers, who execute operations, are separated and promote smooth and flexible business operations through speedy decision-making and enhanced management efficiency.
(4) System to Ensure that Performance of Duties by Employees Conforms with Laws and Regulations, etc.
The "Capcom Code of Conduct" is our guideline for legal compliance. We seek to prevent illegal activities and misconduct through employee training and monitoring programs.
(5) System to Ensure the Appropriateness of Duties in the Capcom Group
Capcom requires the reporting of important subsidiary information, such as the current state of business and business forecasts. This is accomplished through close cooperation and mutual understanding between the parent and subsidiaries based on convening Board of Directors meetings at subsidiaries in which Capcom directors, etc. participate and "Subsidiary Management Regulations," etc. Also, we are aiming for rationalization of duties so that corporate governance functions, and we are promoting the maintenance of the overall Group's compliance system with "Risk Management Regulations."
(6) System for Employees Who Help in the Duties of the Audit and Supervisory Committee, System Regarding the Independence of the Employees Concerned from the Director and System to Ensure Effectiveness of Direction Given to the Employees Concerned
The Audit and Supervisory Committee works so that the internal controls function effectively, auditing the execution of operations by directors and employees based on auditing policies and, as necessary, submitting items found in audits and making advice and suggestions for corrections, etc. Because of this, we have established an Internal Auditing Division directly under the control of the Audit and Supervisory Committee to enable the work of the Committee to be performed duties smoothly and appropriately. This Division has a full-time staff of 18 who help with execution of operations of the Audit and Supervisory Committee and the consent of the Audit and Supervisory Committee is obtained regarding the reassignment of members of this staff.
(7) System for Capcom Group Employees and Directors to Report to the Audit and Supervisory Committee, System for Other Reports to the Audit and Supervisory Committee, System to Prevent Unfavorable Treatment Due to Having Made a Report
When the Audit and Supervisory Committee request a Capcom employee or director for information regarding the execution of operations, that employee or director responds promptly and appropriately and also reports appropriately about the required items. Also, when an employee or director of Capcom or the Capcom Group makes a report to the Audit and Supervisory Committee, she/he is not treated unfavorably because of that report.
(8) Other Systems to Ensure that Audit and Supervisory Committee Audits are Carried out Effectively
Regarding the expenses incurred in the execution of operations by Directors who are Members of the Audit and Supervisory Committee, in addition to having established a budget of a given size, we bear the costs for applicable expenses when requested to pay ahead of time.
(9) Overview of Operational Status of the System to Ensure Appropriate Operations
In addition to the above systems, the Compliance Committee, which has an External Director as chairman, meets once a quarter and reports on inherent risks and the probability of actualization, etc.to the Board of Directors, working for early discovery and prevention of illegal activities and misconduct. Also, in order to deepen Directors' understanding of compliance, with e-learning and checking the effectiveness of use of periodic compliance check sheets, we are preventing insider trading and the leakage of information, ensuring information security, and thoroughly promulgating observance of laws and regulations. Additionally, with regards to Capcom Group companies, in addition to conveying Capcom's management policies to management at subsidiaries, we are working to have the internal control system for the entire Capcom Group work effectively by continually monitoring the business status of subsidiaries by collecting information from Capcom's Directors who hold two posts concurrently and dispatched employees, etc.
As noted on page 72, Capcom has established the Compliance Committee chaired by an external director who is qualified as a lawyer and consisting of directors and directors who serve as members of the Audit and Supervisory Committee to prevent any violation of laws and regulations. In addition, the Company is working to improve the effectiveness of compliance on a group-wide basis by measures to maintain the functionality of the department responsible for accepting the consultation requests and whistleblower reports such as announcing necessary matters through the Company's intranet.
Furthermore, the "Capcom Code of Conduct" was formulated to strengthen our compliance system. Capcom is dedicated to proactively preventing illegal acts and misconduct, and ensuring legal compliance through the promulgation of corporate ethics and principles.
During the period under review, the Compliance Committee met four times and conducted compliance training sessions for new employees. Also, "e-learning sessions on legal compliance and personal information protection rules" were given to all employees.
Compliance is the foundation of corporate governance and the basis for the fulfillment of corporate social responsibility.
Status of Training Programs (Year ended March 31, 2016)
|Activity||No. of Times||Target|
|Compliance training curriculum||2||All employees|
|Personal information protection training curriculum||2||All employees|
As a company primarily engaged in the planning and development of software, Capcom is an environment where the latest information technology is always in use. Compared to companies in other lines of business, we face relatively high information security risks.
Accordingly, to protect Capcom's information assets from a variety of threats and maintain an information security policy appropriate for a corporation trusted by society, we publish internal information regulation collections, including "Basic Security Policies," "System Usage Policies" and "Basic Disclosure Policies," etc.
We use a firewall to protect us from external attacks via the Internet, and our internal system requires each user to have a unique ID, password and PIN to access the system, thereby reducing the risk of unwelcome intruders.
Furthermore, we are in the process of patching known security holes. Over the past few years, we have been implementing measures to prevent information leaks, which include the (1) identification of information leak risks, (2) creation of an early response structure to respond to information leaks and (3) establishment of a response process to minimize damage in event information is leaked.
Moreover, to prevent the remote takeover of computers and other cyber-attacks that are on the rise recently, we constantly monitor for suspicious communications with external networks and implement virus detection on computers issued to employees.
|ESG Information PDF (PDF:1.17MB/11 pages)|