Internal Control

The Sumitomo Corporation Group has strengthened its internal controls to retain the trust of all its stakeholders.

Basic Principles and System

The Sumitomo Corporation Group comprises six business units, an initiative, regional organizations and Group companies in Japan and overseas. The Group collectively works together in a broad range of business fields.

In order to realize sustainable growth and development for the Sumitomo Corporation Group, as well as enhance the operational quality of each of the Group companies, we stipulate basic regulations for internal control, and practice the construction, management, evaluation, and revision of appropriate internal control systems.

To rationally ensure compliance with laws and regulations throughout the entire Group in relation to business activities, preservation of assets, efficiency and efficacy of operations, and trustworthiness of financial reporting, initiatives are being taken to improve Group governance.

Internal Control System

Financial Reporting

The Sumitomo Corporation Group creates financial reports in accordance with the Accounting Policy Manual that lays out the Group’s internal policies for accounting, and discloses information in a timely and appropriate manner and in compliance with relevant laws, regulations, and accounting standards.

For its financial reporting internal control system, the Company acts in accordance with the Internal Control Reporting System stipulated in the Financial Instruments and Exchange Act, by promoting internal control activities as required by the Act, and evaluating and improving its business processes.

Information Security

Sumitomo Corporation’s Information Security Committee, chaired by the CIO, plays the lead role in formulating the Information Security Policy and other relevant regulations as part of its activities to ensure information security and the appropriate management of information assets. For personal information, we operate a Privacy Policy and have put in place relevant regulations and organizational structures to ensure appropriate protection.

We also take steps to minimize the risk from unexpected situations involving information security, such as external attacks aimed for instance at theft or destruction of corporate information. In addition to system-based safeguards, these include continuous training and drills for officers and employees and system monitoring and upgrades covering our major subsidiaries and other group entities.

Information Management System

Internal Audits

The Internal Auditing Department, which reports directly to the President and Chief Executive Officer, is an independent organization that monitors the operations of the entire Sumitomo Corporation Group, and audits all organizations and operating companies of the Group. As well as reporting the outcome of all internal audits directly to the President and Chief Executive Officer, periodic reports are also made to the Board of Directors and the Audit & Supervisory Board Members. The department conducts audits on all aspects of internal control, comprising asset and risk management, compliance and business operations. Also, by comprehensively examining and identifying the risks inherent in the organization being audited, it provides suitable recommendations based on an evaluation of the effectiveness and adequacy of the internal controls of the organization, thus expedites improvement and maintenance on auditees’ own initiative.

Group Governance

“Medium-Term Management Plan 2020” includes initiatives to enhance governance further as part of its drive to reinforce management bases. The Company considers the internal control system to be the foundation for promoting growth strategies, and in terms of specific measures to enhance governance it has begun working on a project that aims to enhance corporate value and operational quality through the use of the internal control system. This project will identify the basic risks that should be controlled as part of the operation of the business. With regard to the significance of the risks and their countermeasures, while maintaining dialogues with Group companies, the Company will create an autonomous cycle of PDCA for the improvement of internal control. The Group will standardize this process, and actively promote the use of PDCA cycles in workplaces to open the way to enhance operational quality for the Group as a whole.