The Group has established a Compliance Committee, Risk Management Committee, and Information Security Committee, each chaired by a representative director, to monitor the status of compliance and risk management, manage risks appropriately, and has established a company-wide risk management system to promote prompt compliance responses.
In addition, we have developed a "management crisis list" of risks that may affect the achievement of our group's medium-term management plan, BE GLOBAL 2028, and our existing business base, which is reviewed on an annual basis.
In this list, we analyze and evaluate the frequency of occurrence and degree of impact that may affect management, and organize risks that may have a significant impact as "significant risks" and risks among "significant risks" that require prompt emergency responses in addition to normal controls, and for which measures such as risk avoidance, reduction, and transfer should be initiated on a priority basis as "particularly significant risks". The risks that require a rapid response in addition to the control during normal times, and for which measures such as risk avoidance, reduction, and transfer should be initiated with priority, are organized as "particularly important risks". For each "material risk," the Group as a whole promotes priority control activities, clarifies countermeasures and issues mainly for "particularly important risks", and implements a risk management cycle (PDCA) by regularly monitoring the control status, confirming its effectiveness, and making recommendations for improvement. In addition, we conduct other activities necessary for the penetration and thoroughness of risk management.
Among the risks listed below (1) through (15) that may have a significant impact on the achievement of the Group's business plan and the foundation of the Group's existence, we have designated (1) as a "particularly important risk" and are promoting priority measures to address it.
Risks and uncertainties that may affect the Company's future performance and financial position include, but are not limited to, the following Forward-looking statements that are based on judgments made as of the end of the current fiscal year.
Some of the cloud services offered by the Group provide services that handle important customer data, such as institutional accounting, management accounting, and business management. If those services were to experience a service outage or loss of customer data due to a cyber attack, it could have a significant impact on customer operations. In addition, we recognize that this is a particularly important risk because the occurrence of such an event for reasons attributable to us could have a significant impact on our group's performance and financial position, including the payment of compensation for damages, and could also lead to a decline in our group's credibility and brand image. We recognize that this is a particularly important risk.
To reduce risk, the Group has established an Information Security Committee, which continuously identifies and improves risk and promotes security measures such as multiple data backups and other system failure countermeasures and multi-factor authentication. In addition, some of our cloud services have obtained SOC1 Type2 reports in compliance with the U.S. Statement on Standards for Assurance Engagements No. 18 (SSAE18), and we strive to improve the quality of system operations by utilizing objective evaluations from a third-party perspective.
In addition, in the fiscal year ending June 30, 2025, we are focusing on strengthening our "structure" and "cyber resilience" and are working to develop and put in place a company-wide cyber security risk management strategy.
The Group aims to achieve sustainable earnings growth and business expansion under its medium-term management plan, "BE GLOBAL 2028". Therefore, it is our policy to make acquisitions and enter into capital tie-ups as necessary, while taking into consideration our business performance and financial position. However, in proceeding with M&A, there is a possibility that the transaction will not proceed as envisioned by our group due to the inability to find suitable candidates or to reach agreement on transaction terms, etc. In addition, problems that cannot be identified in the preliminary investigation, such as the occurrence of contingent liabilities or unrecognized liabilities after the investment or M&A, may lead to impairment of our group's business performance and financial position. In addition, problems that cannot be identified in the preliminary investigation, such as the occurrence of contingent liabilities or the discovery of unrecognized liabilities after investment or M&A, may lead to impairment of goodwill or other assets, which may affect the Group's performance and financial position.
The organization in charge of M&A conducts detailed due diligence on the financial position and contractual relationships of candidate companies in advance, and makes decisions based on verification and countermeasures for each identified risk. We also strive to reduce such risks by quantitatively and qualitatively understanding the business conditions of the investee companies involved in each business.
In order to achieve the goals of our medium-term management plan "BE GLOBAL 2028," our group is investing in human resources and R&D, as well as in product development to strengthen product competitiveness, and in the development and expansion of our business infrastructure. However, it is possible that these business investments may not produce the expected investment results due to changes in the market environment or a gap between developed products and market needs. If the investment does not produce the expected effect, the Group's performance and financial position may be affected in the medium to long term.
In response to this risk, the Group carefully decides on business investments at the consideration stage after evaluating investment effects and risks in accordance with the authority stipulated in the "Authority Regulations" in advance. We are also working to prevent risks from materializing and reduce their impact by continuously monitoring progress against plans during the implementation stage and implementing necessary measures in a timely manner.
If a failure occurs in the cloud services provided by our group and the operation of the system or service is suspended, it may have a significant impact on customer operations. In addition, if problems such as loss of customer data were to occur, the impact would be even greater, and in some cases, compensation payments for damages incurred could have a significant impact on the Group's performance and financial position. In addition, any delay in the operation of the service will lead to a deterioration of the Group's social credibility and brand image.
To ensure stable system operation and the continuous provision of services, the Group is promoting various enhancement measures to both prevent failures from occurring and minimizing the impact of failures when they do occur.
In the cloud-based service market in which our group operates, many companies are developing their businesses, and the pace of technological innovation and changes in market needs is extremely fast, requiring operators of cloud-based service businesses to respond flexibly to these changes. Therefore, if we are unable to respond in a timely manner to intensifying competition from companies offering similar services to our group, technological innovations, or changes in market needs, or if we have to spend a lot of money on system investments and personnel expenses to respond to changes, our group's performance and financial position may be affected.
In response to this risk, the Group is not only building a system to keep abreast of the latest technological trends and changes in the environment, but is also working to improve its competitiveness by building services that pursue optimal usability, differentiating its sales areas, and enhancing customer support. We also strive to respond quickly to technological innovations and changes in market needs by securing and training excellent human resources.
If the Group's ability to secure and develop talented human resources with the expertise needed to promote its business and achieve growth does not proceed as planned over the medium term, the Group's future growth potential and business performance and financial position may be affected.
In response to this risk, we are working to ensure competitiveness in recruitment by strengthening our recruitment and training systems and understanding the market's appropriate compensation levels, as well as reviewing our personnel evaluation system to ensure that new employees are able to contribute to the company and continue to work with us as soon as possible.
The Group uses cloud services provided by overseas companies and is affected by fluctuations in exchange rates as it pays for these services in U.S. dollars after putting in yen to pay the fees. Therefore, an increase in costs due to exchange rate fluctuations could affect the Group's performance and financial position.
The Company hedges this risk by settling accounts through foreign currency deposit accounts. The Company's policy is to use foreign currency deposits within the scope of actual demand and not to conduct transactions for speculative purposes.
The Group is subject to various laws and public regulations in the course of its business operations. Violations of these public regulations may result in disciplinary action by regulatory authorities, lawsuits, or even suspension of business activities, as well as damage to corporate brand value and loss of public trust. We believe that it is essential for a company to have an effective compliance system in order to fulfill its social responsibilities.
In response to this risk, the Group has not only established a system to keep abreast of the latest legal and regulatory trends, but has also formulated compliance regulations and other compliance-related rules to ensure the effective functioning of the compliance system and to ensure that all officers and employees are familiar with them through education. In addition, the Compliance Committee promotes activities by establishing quantitative checkpoints for compliance.
In the cloud-based services business in which the Group operates, cloud services and network technologies are becoming increasingly complex, and system design and development costs are on the rise. Therefore, we use third parties such as system design and development vendors and cloud service vendors for the purpose of improving operational efficiency and productivity. In the event of a system failure or cyber attack at these third parties, there is a possibility that service provision may be disrupted, important information such as customer information may be leaked, and the business operations of our group may be disrupted. In addition, the Group's business performance and financial position could be affected by a decline or loss of trust in the Group due to compensation to customers who have suffered damage.
In order to prevent such adverse effects, the Group has established subcontracting management regulations and strives for ongoing risk management by verifying the appropriateness and suitability of business partners when subcontracting, providing guidance, and reviewing the management system during the contract period.
The Group aims to achieve sustainable earnings growth and business expansion under its medium-term management plan "BE GLOBAL 2028," and is exploring the use of business management tools that incorporate AI. The speed of technological innovation related to AI is rapid, and it is assumed that consulting revenues in the program development area may shrink if various automatic creation technologies, including those in the programming language area, become popular. Competition is also intensifying, and if we are unable to hire highly specialized personnel to implement AI technology as planned, or otherwise fail to secure the necessary human resources, our business and earnings could be affected.
In response to this risk, the Group is not only building a system to keep abreast of the latest technological trends and changes in the environment, but is also exploring the use of AI technology in business areas and acquiring and securing highly specialized human resources who can handle AI system development.
Although our group's organization is currently working to develop human resources and establish an organizational structure, we recognize that our management is highly dependent on Tetsuji Morikawa, President and Representative Director, and if a situation were to happen to the President and Representative Director, it could affect the promotion of our business activities and our business performance and financial position.
To address this risk, we are working to formulate and execute a succession plan by appointing the next generation of leaders as directors of operating companies and entrusting them with the management of these companies, and by providing supervision and guidance from the holding company to develop successors.
The Group provides BPO services for undertaking financial closing operations and contracted development support for the introduction of software developed in-house or by third parties that is systematized according to customer needs. In the provision of services, there is a possibility that deviations from initial estimates may occur due to changes in accounting procedures, publication of practical guidelines, etc., ambiguities in contractual content or requirements, or other unforeseen technical problems or project management issues, which may increase costs or delay schedules. This can lead to cost increases and schedule delays. If a lawsuit is filed due to any factor, including the manifestation of such problems or quality deterioration, the Group's business performance and financial position could be significantly affected due to higher-than-expected costs and payment of compensation for damages resulting from delayed delivery.
To address this risk, we are taking measures to reduce the impact on our business performance and financial condition by insuring against contingencies, while improving project quality through the establishment of a quality control department. We are also working to strengthen our services through enhanced recruitment and in-house training of specialized human resources in the accounting and digital fields.
The Group has developed several in-house software products in the areas of institutional accounting, management accounting, business management, and data utilization platforms. In the development of new products and additions to existing products, we continuously strive to improve quality and prevent the occurrence of defects through development based on our development management process, but we cannot deny the possibility that product defects may occur. Defects in our group's products may affect our customers' operations, and failure to resolve such defects may cause a loss of trust in our group, which may affect our group's business performance and financial position.
To address this risk, we have established a quality control department to reduce quality risk during product development.
In the course of its business activities, the Group may handle personal and confidential information of its affiliates and customers. There is a possibility that this information could be leaked due to unauthorized access to our group's infrastructure from outside, leakage of information due to errors by our group's officers and employees or contractors, or other unforeseen circumstances. Such an incident could have a serious impact on the social credibility of the Group and its customers, as well as on the Group's business performance and financial position.
To address security risks, the Group implements firewalls, VPNs, and other system measures to monitor and prevent unauthorized access, and has established information security and personal information protection policies, which are reviewed in response to advances in information and communication technology and changes in social and regulatory environments. The Information Security Committee, headed by the President and CEO, has been established to formulate policies, implement measures, educate and enlighten employees, and conduct audits and evaluations. We have also acquired ISMS certification (ISO/IEC27001:2013), an international standard for objective evaluation and continuous improvement of these operations. We also conduct quarterly information security training to raise the security awareness of all executives, temporary employees, and outsourced employees.
Eruption of Mt. Fuji, typhoons, storm surges, etc., could result in the loss of important information assets, a shortage of work-ready personnel, or the collapse of infrastructure, making it impossible to resume business operations quickly. In addition, we recognize that the loss of important documents and data related to business execution and intellectual property due to damage caused by natural disasters such as earthquakes or fires at our group's business sites could hinder our business activities and affect our business performance and financial position, which is a particularly important risk.
As risk mitigation measures, we are backing up important documents and data to remote locations, establishing an emergency headquarters and other initial response systems, and formulating a Business Continuity Plan (BCP) to resume business operations. In addition, by enhancing our online business infrastructure, we are striving to prepare for both the safety of our executives and business partners and the continuity of our business operations by utilizing remote work from normal times.