Internal Control

The Sumitomo Corporation Group has strengthened its internal controls to retain the trust of all its stakeholders.

Basic Principles and System

The Sumitomo Corporation Group comprises six business units as well as regional organizations in Japan and overseas. Business units, organizations, and Group companies collectively work together in a broad range of business fields.

In order to realize sustainable growth and development for the Sumitomo Corporation Group, as well as enhance the operational quality of each of the Group companies, we stipulate basic regulations for internal control, and practice the construction, management, evaluation, and revision of appropriate internal control systems.

To rationally ensure compliance with laws and regulations throughout the entire Group in relation to business activities, preservation of assets, efficiency and efficacy of operations, and trustworthiness of financial reporting, initiatives are being taken to improve Group governance.

Internal Control System

Financial Reporting

The Sumitomo Corporation Group creates financial reports in accordance with the Accounting Policy Manual that lays out the Group’s internal policies for accounting, and discloses information in a timely and appropriate manner and in compliance with relevant laws, regulations, and accounting standards.

For its financial reporting internal control system, the Company acts in accordance with the Internal Control Reporting System stipulated in the Financial Instruments and Exchange Act, by promoting internal control activities as required by the Act, and evaluating and improving its business processes.

Information Security

The Company acknowledges the importance of ensuring information security, and maintains appropriate measures including, but not limited to, the establishment and maintenance of relevant rules, primarily through the Information Security Committee, which is chaired by the Chief Information Officer (CIO). In October 2017, a new Information Security Policy was established.

The information managers in each organization categorize information assets based on their importance, give instructions for procedures and methods in order to handle these assets adequately, and work to ensure information security, efficient information-related administrative procedures, and information sharing. For personal information, in addition to establishing a Privacy Policy to protect this as appropriate, we have put in place relevant rules and organizational structures.

We also work on initiatives to minimize risk related to unexpected situations involving information security, such as external attacks aimed at theft or destruction of corporate information. As well as using system-based safeguards, we conduct ongoing training and drills for employees while establishing and monitoring systems at major subsidiaries and other Group entities. The Company also coordinates with specialized third-party organizations to stay up-to-date on relevant information and to enable swift and appropriate responses.

Information Management System

Internal Audits

The Internal Auditing Department, which reports directly to the President and CEO, is an independent organization that monitors the operations of the entire Sumitomo Corporation Group, and audits all organizations and operating companies of the Group. As well as reporting the outcome of all internal audits directly to the President and CEO, periodic reports are also made to the Board of Directors. The Department conducts audits on all aspects of internal control, comprising asset & risk management, compliance and business operations. Also, by comprehensively examining and identifying the risks inherent in the organization being audited, it provides suitable recommendations based on an evaluation of the effectiveness and adequacy of the internal controls of the organization, thus expedites improvement and maintenance on auditees’ own initiative.

Group Governance

“Medium-Term Management Plan 2020” includes initiatives to enhance governance further as part of its drive to reinforce management bases. The Company considers the internal control system to be the foundation for promoting growth strategies, and in terms of specific measures to enhance governance it has begun working on a project that aims to enhance corporate value and operational quality through the use of the internal control system. This project will identify the basic risks that should be controlled as part of the operation of the business. With regard to the significance of the risks and their countermeasures, while maintaining dialogues with Group companies, the Company will create an autonomous cycle of PDCA for the improvement of internal control. The Group will standardize this process, and actively promote the use of PDCA cycles in workplaces to open the way to enhance operational quality for the Group as a whole.