Strengthening Risk Management through the Development of Our Internal Control System
As part of directors' due diligence, Capcom developed the following internal control system based on the Companies Act and its enforcement regulations to ensure that all Group company practices comply with regulations and are executed in an efficient manner.
To strengthen the management monitoring function and enhance corporate value, Capcom strives to prevent illegal activities and ensure compliance through regular Compliance Committee checks while attempting to invigorate and heighten the monitoring function of the Board of Directors in accordance with advice and recommendations from the three external directors.
Based on our "internal control rules", Capcom has developed and continues to operate the necessary systems in order to guarantee reliable financial reporting and ensure proper internal control over financial reporting, in accordance with the Financial Instruments and Exchange Act. Our internal control system over consolidated financial reporting at the end of the period under review has been determined as effective and the results of this assessment have been reported to the Director-General of the Kanto Regional Finance Bureau in the form of an internal control report. The results have also been disclosed through EDINET and our corporate website.
(1) Information Management and Storage
The management and storage of documents and information such as the minutes from board meetings is conducted in accordance with "document management regulations".
(2) Risk Management
A risk management structure and "crisis management regulations" were created to proactively prevent crises and execute the appropriate actions if one occurs.
(3) Efficient Execution of Business Operations
Capcom introduced a Corporate Officer System under which the duties of the Board of Directors and corporate officers are separated to enable smooth and flexible business operations and enhance management efficiency.
(4) Legal Compliance System
The "Capcom Code of Conduct" is our guideline for legal compliance. We seek to prevent illegal activities and misconduct through employee training and monitoring programs.
(5) Operational Audit Structure
In accordance with auditing policies, the execution of operations by Board of Directors are audited, with recommendations for improvements indicated in auditor reports as necessary to ensure internal controls function effectively. To enable auditors to perform their duties smoothly and appropriately, two employees are selected with the consent of auditors to provide assistance.
Capcom takes a firm stand against antisocial forces that threaten social order and the safety of citizens, and strictly prohibits any association with such groups at the organizational, employee and individual levels. If we are contacted by such groups, in addition to swift organizational measures, we will cooperate with the police and other relevant authorities to firmly refuse unlawful demands.
While Capcom attempts to remain aware of information related to these groups in order to avoid contact or involvement, if we discover that we have unknowingly become involved with them, we will immediately terminate the association with the help of the police and other relevant authorities.
Focusing on the Viability and Effectiveness of Our Compliance System
As noted on page 54, Capcom has established a Compliance Committee consisting of external directors, some of whom are lawyers, who regularly report to the Board of Directors and issue reminders and recommendations. A secretariat was established in the Internal Controls Department, which works to enhance the viability of the entire Capcom Group compliance system by planning and operating the internal compliance system and functioning as the department that provides consultations and receives notifications to prevent legal violations before they occur.
Furthermore, the "Capcom Code of Conduct" was formulated to strengthen our compliance system. Capcom is dedicated to proactively preventing illegal acts and misconduct, and ensuring legal compliance through the promulgation of corporate ethics and principles.
During the period under review, the Compliance Committee met four times and conducted compliance training sessions for new employees. Also, "e-learning sessions on legal compliance and personal information protection rules" were given to all employees.
Compliance is the foundation of corporate governance and the basis for the fulfillment of corporate social responsibility. Capcom will continue to instill this understanding in all its officers and employees.
Compliance Structure
Status of Training Programs (Year ended March 31, 2015)
| Activity | No. of Times | Target |
|---|---|---|
| Compliance training curriculum | 2 | All employees |
| Personal information protection training curriculum | 2 | All employees |
Compliance Status Checked Regularly
Capcom conducts "periodic compliance checks" to regularly monitor the operational status of each of its departments. Twice each year, more than 30 items, including fair business practices, workplace health and safety, and information asset management, are checked using a check sheet, while compliance officers covering each department are also interviewed individually to confirm the effectiveness of our overall compliance system.
Also, in response to feedback received from interviews and questions during the "periodic compliance check", such as on protocol for issuing documents to business partners and proper document management practices, clear-cut answers are provided to related persons and when necessary, all employees are notified and made aware using the intranet.
Special Hotline Set Up for Compliance Issues
Capcom established the "Compliance Hotline" as a self-corrective function to uncover and prevent risks in order for the company to thoroughly practice compliance-focused management. This enables the company to smoothly address whistle-blowing reports from employees and have in place an environment to prevent legal violations or illegal behaviors as well as take corrective action.
Building Mechanisms for the Appropriate Protection of Information Assets
As a company primarily engaged in the planning and development of software, Capcom is an environment where the latest information technology is always in use. Compared to companies in other lines of business, we face relatively high information security risks.
Accordingly, to protect Capcom's information assets from a variety of threats and maintain an information security policy appropriate for a corporation trusted by society, we publish internal information regulation collections, including "Basic Security Policies", "System Usage Policies" and "Basic Disclosure Policies", etc.
We use a firewall to protect us from external attacks via the Internet, and our internal system requires each user to have a unique ID, password and PIN to access the system, thereby reducing the risk of unwelcome intruders.
Furthermore, we are in the process of patching known security holes. Over the past few years, we have been implementing measures to prevent information leaks, which include the (1) identification of information leak risks, (2) creation of an early response structure to respond to information leaks and (3) establishment of a response process to minimize damage in event information is leaked.
Above all, in (1) we will reconfirm the importance of information assets held by each department with the aim of clarifying critical risks and create a manual detailing procedures related to (2), while (3) will involve a system capable of quickly auditing the information log to find the cause and prevent the reoccurrence of problems. In this manner, we are focusing our efforts on using our expertise to enhance our internal response capabilities.
Moreover, to prevent the remote takeover of computers and other cyber-attacks that are on the rise recently, we constantly monitor for suspicious communications with external networks and implement virus detection on computers issued to employees.
In addition, regarding critical online services, we outsource the constant monitoring of security and communications to an external security specialist who also conducts regular diagnostics.
To improve security literacy among all our employees, we are implementing internal training to raise awareness and educate on the topic of information leak risks. Through these and other initiatives, Capcom is striving to create a structure for making an appropriate first response in the event information is leaked or an accident occurs.
Strengthening Our Crisis Management System
Capcom is working to strengthen its crisis management system in order to minimize damages, losses and disrepute, and ensure the company continues to function, based on an appropriate and smooth response, in the event of an emergency, such as a natural disaster or accident. If an emergency occurs, under our crisis management rules, a task force consisting of top management will be set up to assess the extent of damage to the company. In addition, we have established action criteria and an emergency contact route in our crisis management manual in order to ensure an appropriate response and convey information to one another in a prompt manner.
In the wake of the Great East Japan Earthquake, we are striving to build a crisis management system that will ensure our business continuity in the event of an unforeseen incident or natural disaster. This will be made possible by strengthening our risk management through the stockpiling of disaster-relief supplies, implementation of a safety confirmation system, and storage of "health kits for flu", to ensure that we can properly and quickly respond to these emergencies.
 |
 Corporate Governance (PDF:1.28MB/18 pages) |
