Internal Control


The Sumitomo Corporation Group has strengthened its internal controls to retain the trust of all its stakeholders.

Basic Principles and System

The Sumitomo Corporation Group comprises six business units, an initiative, regional organizations and Group companies in Japan and overseas. The Group collectively works together in a broad range of business fields.

In order to realize sustainable growth and development for the Sumitomo Corporation Group by enhancing the operational quality of each of the Group companies, we stipulate basic regulations for internal control, develop and conduct appropriate internal control, and access the effectiveness and take action to improve it.

To rationally ensure compliance with laws and regulations throughout the entire Group in relation to business activities, safeguarding assets against loss, effectiveness and efficiency of operations, and reliability of financial reporting, initiatives are being taken to improve group governance.

Internal Control System

Financial Reporting

The Sumitomo Corporation Group creates financial reports in accordance with the Accounting Policy Manual that lays out the Group’s internal policies for accounting, and discloses information in a timely and appropriate manner and in compliance with relevant laws, regulations, and accounting standards.

For its financial reporting internal control system, the Company acts in accordance with the Internal Control Reporting System stipulated in the Financial Instruments and Exchange Act, by promoting internal control activities as required by the Act, and evaluating and improving its business processes.

Information Security

Sumitomo Corporation appoints a Chief Information Officer (CIO), who has ultimate responsibility for information security. This officer works to ensure information security and the appropriate management of information assets by formulating the Information Security Policy and other relevant regulations. For personal information, we operate a Privacy Policy and have put in place relevant regulations and organizational structures to ensure appropriate protection.

We also take steps to minimize the risk from unexpected situations involving information security, such as external attacks aimed for instance at theft or destruction of corporate information. In addition to system-based safeguards, these include continuous training and drills for officers and employees and system monitoring and upgrades covering our major subsidiaries and other group entities.

Internal Audits

The Internal Auditing Department, which reports directly to the President and Chief Executive Officer, is an independent organization that monitors the operations of the Group, and audits organizations and operating companies of the Group. As well as reporting the outcome of internal audits directly to the President and Chief Executive Officer, in principle on a monthly basis, periodic reports are also made to the Board of Directors and the Audit & Supervisory Board. The department conducts audits on all aspects of internal control, comprising asset and risk management, compliance and business operations. Also, by comprehensively examining and identifying the risks inherent in the organization being audited, it provides suitable recommendations based on an evaluation of the effectiveness and adequacy of the internal controls of the organization, thus it expedites improvement and maintenance on auditees’ own initiative. The department will continue contributing to the improvement of internal control at the Sumitomo Corporation Group based on the Group Management Policy.

Group Governance

The management policy of the Sumitomo Corporation Group is to respect "Jiritsu"* management by each Group Company, and to be involved in important decision-making at the board of directors or organization equivalent to the board of directors of each Group Company based on the relationship of trust established through active "Dialogue" as a shareholder, and to create new value through strong "Collaboration" of each Group Company including Sumitomo Corporation.

With the aim of strengthening the Group’s governance under the medium-term management plan "SHIFT 2023", in order to maximize our group’s corporate value through sharing and putting into practice the principles of Group management, we have established a Group Management Policy (GMP) that sets the three principles of Group management: "Jiritsu", "Dialogue", and "Collaboration".

Sumitomo Corporation supports the establishment and operation of an optimal management system to control risks appropriately and increase the odds of achieving its business strategies for Jiritsu management of each Group Company. While maintaining dialogues with Group Companies, we will create a PDCA cycle for internal control, which will lead to enhancement of operational quality and corporate value for the Group as a whole.

*"Jiritsu" is the Japanese term. In GMP, we define it to mean "following the rules necessary for the management of each Group Company, such as the Sumitomo Corporation Group’s management principles, strategies, and policies, to discipline oneself, to think, make decisions, act for oneself in order to achieve goals, and to be accountable to stakeholders".

Top