The Group has established a Compliance and Risk Management Committee (hereinafter referred to as "CRM Committee") chaired by a representative director to assess the status of compliance and risk management, to properly manage risks, and to promptly address compliance issues. The CRM Committee is chaired by a representative director to ensure appropriate risk management and prompt compliance response. The CRM Committee sets key risk and compliance items and targets, and monitors and discusses risk countermeasures. In July 2021, the CRO and the Group Risk Management Division were assigned to oversee and promote risk management from the Group's perspective, thereby strengthening the risk management system.
The risks described below refer to the material risks attributable to the operating companies after October 1, 2022, when the absorption-type company split agreement between the Company's consolidated subsidiaries, as explained in the "Notice Regarding Determination of Policy on Reorganization (Company Split between Consolidated Subsidiaries), Change of Trade Name and Partial Change of Articles of Incorporation of the Company, and Change of Trade Name of Consolidated Subsidiary" released on June 22, 2022, is approved at each company's shareholders meeting and the reorganization becomes effective.
Among the risk items identified, risks that could have an enormous impact if they materialize are identified as particularly important risks and are listed below:
Our executives, employees, offices, and facilities are concentrated in the Tokyo metropolitan area, and there is a possibility that a situation may arise when earthquake directly under the Tokyo metropolitan area, eruption of Mt. Fuji and flood damage due to typhoon, storm surge, etc. might led to loss of critical information assets, shortage of available personnel, collapse of infrastructure and we will not be able to resume business operations quickly. In addition, we recognize that the loss of important documents and data related to business execution and intellectual property, etc., due to damage caused by earthquakes and other natural disasters or fires at our group's business sites could hinder our business activities and affect our business performance and financial position, and is therefore a particularly important risk.
As risk mitigation measures, we backed up important documents and data to a remote location, established an emergency headquarters and other initial response systems, and formulated a business continuity plan (BCP) to resume business operations. In addition, by enhancing our online business infrastructure, we are striving to prepare for both the safety of our executives and business partners and the continuity of our business operations by utilizing remote work from normal times.
Some of the cloud services provided by our group include consolidated accounting services, management accounting services, and other services that handle important customer data.
For those services, service outages or loss of customer data due to system operation problems, cloud environment failures, cyber-attacks, or other causes could have a significant impact on customer operations. In addition, we recognize that this is a particularly important risk because the occurrence of such an event for reasons attributable to our company could have a significant impact on our group's performance and financial position, including the payment of compensation for damages, and could also lead to a decline in the credibility and brand image of our group. We recognize that this is a particularly important risk.
To reduce risk, the Group has established a cloud service operation organization and a security organization to identify and improve risks on an ongoing basis, and is promoting security measures such as multiple data backups and other system failure countermeasures and multi-factor authentication. In addition, some of our cloud services have obtained SOC1 Type2 reports in compliance with the U.S. Statement on Standards for Assurance Engagements No. 18 (SSAE18), and we strive to improve the quality of system operations by utilizing objective evaluations from a third-party perspective.
In the course of its business activities, the Group may handle personal and confidential information of its affiliates and customers. There is a possibility that this information could be leaked due to unauthorized access to our group's computers by outside parties, leakage of information due to errors by our group's officers or contractors, or other unforeseen circumstances. Such an incident could have a serious impact on the social credibility of the Group and its customers, as well as on the Group's business performance and financial position.
To address security risks, the Group has established an Information Security Policy and a Personal Information Protection Policy, and reviews these policies in response to advances in information and communication technology and changes in social and regulatory environments. The Information Security Committee, led by the Chief Information Security Officer (CISO) and headed by the President and CEO, has been established to formulate policies, implement measures, educate and enlighten employees, and conduct audits and evaluations. We have also acquired ISMS certification (ISO/IEC27001:2013), an international standard for objective evaluation and continuous improvement of these operations. In addition, we respond to cyber-attacks and incidents in accordance with internal rules and regulations, and the Information Security Committee takes measures according to the degree of impact on the Group's business. We also conduct quarterly information security
training to raise the security awareness of all executives, temporary employees, and outsourced employees.
We list below as significant risks that we recognize as highly significant but that will not have a significant impact when they materialize, or those risks that we believe we can adequately address before the risk materializes:
Under its medium-term management plan "BE GLOBAL 2023," the Group aims to achieve sustainable earnings growth and business expansion, while simultaneously transforming its business model. To this end, we are investing in human resources and R&D, as well as in product development to strengthen our product competitiveness, and in the development and expansion of our business infrastructure. As announced on June 22, 2022, in October 2022, we plan to reorganize AVANT CORPORATION, DIVA CORPORATION, ZEAL CORPORATION, and FIERTE CORPORATION into three businesses through an absorption-type demerger agreement between the companies: (1) a business to support disclosure operations, (2) a business to support corporate value enhancement, and (3) a business to support digital transformation. However, it is possible that these business investments and restructurings may not produce the expected investment results due to changes in the
market environment or a gap between developed products and market needs. If the investment does not produce the expected effect, the Group's performance and financial position may be affected in the medium to long term.
In response to this risk, the Group carefully evaluates investment effects and risks qualitatively and quantitatively at the consideration stage of business investment and makes decisions in accordance with the authority stipulated in the "Authority Regulations" in advance. The Group strives to prevent risks from materializing and reduce their impact by continuously monitoring progress against the plan and implementing necessary measures in a timely manner.
The Group has developed several in-house software products in the areas of consolidated accounting, management accounting, and data utilization platforms. In the development of new products and additions to existing products, we continuously strive to improve quality and prevent the occurrence of defects through development based on our development management process, but we cannot deny the possibility that product defects may occur.
Defects in our group's products may affect our customers' operations, and failure to resolve such defects may cause a loss of trust in our group, which may affect our group's business performance and financial position.
The Group has established a quality control department to reduce quality risks during product development and is striving to improve product development quality.
The Group provides BPO services, which include implementation support and contracted development of software developed in-house or by a third party, as well as systemization and settlement of accounts services according to the needs of customers. In the provision of services, deviations from initial estimates may occur due to ambiguities in contractual content or requirements, or technical problems or project management issues that cannot be anticipated at the outset may arise, leading to increased costs and delays in schedules.
We recognize that this is an important risk because such problems could have a significant impact on our group's business performance and financial position due to higher-thanexpected costs and compensation payments for damages resulting from delays in delivery.
With regard to service quality, we are taking measures to reduce the impact on our business performance and financial position by insuring against contingencies, while improving project quality through the establishment of a quality control department as a basic measure.
We believe that one of the key factors in promoting our group's business and achieving growth is the timely and accurate understanding of customer needs and the continuous development of market-competitive products and services. However, if we do not make progress in securing and training the talented and knowledgeable personnel needed to achieve these goals as planned in the medium term, our future growth potential, business performance, and financial position may be affected.
In response to the above risks, we are striving to ensure competitiveness in recruiting by strengthening our recruiting system and understanding the market's appropriate compensation levels, and we are also promoting measures such as enhancing the training menu for new employees to enable them to contribute to the company as soon as they join.
Under its medium-term management plan "BE GLOBAL 2023," the Group aims to achieve sustainable earnings growth and business expansion, while simultaneously transforming its business model. To this end, the Company's policy is to make acquisitions and enter into capital tie-ups as necessary, while taking into consideration its business performance and financial position. However, in proceeding with M&A, there is a possibility that the transaction will not proceed as envisioned by our group due to reasons such as not finding a suitable candidate or not reaching agreement on transaction terms, etc. In addition, if problems arise after the investment or M&A that cannot be identified in the preliminary investigation, such as contingent liabilities or unrecognized liabilities, leading to impairment
of goodwill, etc., it may affect the performance and financial position of our group.
The M&A management organization conducts detailed due diligence on the financial position and contractual relationships of candidate companies in advance, and strives to mitigate this risk by verifying each identified risk and making decisions based on countermeasures.
In order to fulfill our social responsibility as a corporation, our group's greatest management goal is to "create a 100-year company" that can contribute to all stakeholders, including our customers, through the realization of sustainable business growth. We believe that the effective functioning of the Group's overall compliance system is indispensable to achieving this goal.
To ensure the effective functioning of the compliance system, the Group formulates compliance-related regulations, including the Compliance Risk Management Regulations, and ensures that all officers and employees are fully aware of them through education. In addition, the Compliance and Risk Management Committee promotes compliance activities by establishing quantitative checkpoints for compliance.
Although our group's organization is currently working to develop human resources and establish an organizational structure, we recognize that our management is highly dependent on Tetsuji Morikawa, President and Representative Director, and if a situation were to happen to the President and Representative Director, it could affect the promotion of our business activities and our business performance and financial position. We are working to develop successors by entrusting the management of the next generation of leaders as directors of operating companies and providing them with supervision and guidance from the holding company, as well as actively promoting recruitment activities.
In response to the spread of the new coronavirus infection, the Group is following the policies of the national and local governments and is taking measures such as limiting work that requires travel, using online formats for internal meetings, events, seminars, etc., and combining remote work, and is aware that the impact on our business has been sufficiently reduced. We believe that we have sufficiently reduced the impact on our business. In terms of domestic economic activities, the situation has not developed into a situation that would lead to a large-scale restriction of activities, and at this point, our business plan is based on the assumption that the impact of the spread of the new coronavirus will gradually begin to recover.
However, we cannot deny the possibility that the spread of a new infectious disease or the mutation of a new coronavirus could have a serious and prolonged impact on our ability to provide services in the event of future infectious disease outbreaks. In addition, IT investments may be further postponed against the backdrop of deteriorating business performance of domestic companies, resulting in a worse-than-expected performance of our group. In such cases, we are preparing countermeasures to limit the deterioration in performance by controlling some expenses, such as outsourcing costs.
On the other hand, we view the outbreak of a pandemic as an expansion factor for the market to which our group belongs, as it will drive the digitization of companies and increase the importance of management information over the medium to long term.