Risk Management

Basic Concept for Risk Management

Anticipating various risks associated with management, the OYO Group is making efforts to develop a system to prevent the materialization of risks and respond to them when materialized.

When natural disasters occur, OYO Corporation conducts initial investigations for recovery and support in the damaged areas, based on requests from administrative bodies, etc.

To securely perform this mission, the Company has prepared measures and organizations to analyze various risks and avoid possible problems in advance, and established its own risk management system for prompt recovery in the case such disasters should occur.

Management Risk Control System

OYO Corporation predicts various risks and is making efforts to develop a system to manage such risks, with the President as the general manager and Administration Headquarters as the department in charge.

Management risks of the Group as a whole are reviewed every year and reported to the Board of Directors. At the same time, each department prepares and executes a risk prevention plan, including identifying risks and countermeasures against them.

Business and Other Risks and Main Measures

The main risks that affect management performance, stock price, financial position, and the like of the OYO Group include the following.

Risk related to the high proportion of orders from the public sector

The Group's business performance may be impacted by a decrease in orders from our primary clients, which include national and local governments.

Factors that could lead to such a decline include a worsening of their financial status, a reduction in business volume, changes in their procurement practices, or the suspension of nominations due to unforeseen events or circumstances.

We are working to reduce such risks by promoting breaking out of a traditional business model that is dependent on public works.

Risk of liability for defects in deliverables

The Group conducts various survey operations and manufactures and sells measuring instruments in each business.

If defects (contract nonconformities) occur in such deliverables and the Group receives large damage compensation claims, this may affect business performance, etc.

We are working to reduce such risks by ensuring and improving quality through introduction of quality management systems (ISO9001) and implementation of strict reviews, and by purchasing liability insurance as a risk mitigation measure in case liability for defects in deliverables occurs.

Foreign currency risk

The Group operates in Japan and internationally, with overseas subsidiaries primarily in North America and Singapore conducting business in their local currencies.

As a result, fluctuations in foreign exchange rates may impact our financial position and overall business performance.

We are actively considering measures such as forward exchange contracts as necessary to mitigate such risks.

Risks related to climate change and natural disasters

If the Group experiences earthquakes or natural disasters related to climate change, such as typhoons, heavy rains, and floods, or any other unforeseen disasters like fires, it could lead to a decrease in business operations or production capacity.

This decline may occur due to damage or loss of production equipment and data, as well as the loss of human resources, which could ultimately impact the business performance. These events can lead to damage or loss of production plants, data, loss of human resources and subsequent effects on business activities, including decreased production capacity.

Additionally, developments such as the introduction of a carbon tax and the adoption of environmentally friendly equipment may increase business operational costs.

We are working on climate change countermeasures while aiming for carbon neutrality by reducing greenhouse gas emissions to net zero by 2050. We have also established a business continuity plan (BCP) anticipating the occurrence of disasters and implement inspection and training in accordance with the plan. Furthermore, we have continuous assessed and monitored the effect of climate change on business operations.

Risk related to the occurrence of a global spread (pandemic) of infectious disease

Due to the global spread of infectious disease, the Group's business may be adversely affected by a decrease in demand, delivery delays, shortages of parts and materials, and increased procurement costs in the supply chain. These factors could impact overall business performance.

We are working on initiatives for minimizing the impact by anticipating various risk scenarios.

Risk related to international conflicts and terrorism

If an international conflict or act of terror occurs in a country or region where the Group operates and is involved in the conflict activity or armed action, it may cause a significant impact on our operations, such as disruption or stoppage of business.

In addition, with the prolongation of the Ukrainian conflict, its impacts on the global economy, such as soaring energy and raw material prices, may also continue.

We collect information related to public safety and the latest economic situations in foreign countries as required.

Risk related to intellectual property

If an injunction is filed against the use of intellectual property or a claim is filed requesting cessation of trademark use or compensation for damages related to the Group's services or products that utilize proprietary technology, the Group's business performance may be affected.

We are working to reduce such risks by managing the appropriate intellectual property by establishing a responsible organization.

Risk related to resource price fluctuations

If a slump in resource prices, contraction of the resource development market, or similar event occurs, the business performance of overseas subsidiaries selling natural resource exploration equipment and systems may be affected.

To tackle such risks, we are reviewing the business portfolio, such as reduction of resource dependency through the development of new markets.

Risk related to data fabrication / falsification / appropriation

If data fabrication or falsification occurs in violation of internal rules, or if past data or other data is misappropriated, it may result in loss of credibility and claims for damages, which could affect our business performance.

We have mitigated the manifestation of these risks through rigorous compliance education, and we are validating business processes and reviewing business manuals at the ISO Management Business Audit Office.

Risk related to security management of IT systems

If the IT system stops, ransomware attacks occur, or information leaks occur due to computer viruses or unauthorized access by malicious third parties, it may have a significant impact on business operations.

We are committed to enhancing the safety and information security of IT systems, while also establishing related rules and regulations. We work to reduce these risks by strengthening defensive measures against ransomware attacks and conducting regular training to address suspicious e-mails from external sources.

Risk related to securing talent

As the working population declines due to the declining birthrate and aging population, if securing and nurturing superior talent with high-level expertise does not proceed, our operations and business performance may be affected.

We are promoting health management to systematically support actions to maintain and enhance employee health. At the same time, we strive to reduce such risks by promoting the creation of a pleasant working environment and improvement of employee engagement, enhancing training systems, and ensuring stable recruitment of new graduates and securing superior mid-career recruits.

Risk related to legal regulations

The Group is subject to various laws and regulations in Japan and abroad where it operates. If these laws are revised or if new regulations are introduced due to changes in social conditions or other factors, it may impact the Group's financial position and business performance.

Furthermore, if a regulatory authority determines that any part of the Group's business transactions violates laws or regulations, the Group may face administrative consequences, such as fines or a loss of public trust.

We actively and continuously collect the latest information on relevant laws and regulations as required, including developments related to their revision. We also have mitigated the manifestation of these risks thorough internal education on legal compliance.

Risk of impairment of assets held

In the event of a significant decline in the market price of the securities held, a deterioration in the financial status of the relevant companies, or similar circumstances, there may be an impact on the financial position and business performance of the Group.

In the event of a decline in the price of real estate owned or similar assets, the Accounting Standard for Impairment of Fixed Assets may be applied, which could potentially impact the Group's financial position and business performance.

Risk related to deferred tax assets

If a significant change occurs in the estimate of future taxable income or there is an institutional change, it may result in a decrease in deferred tax assets that have been booked and affect the Group's financial position and business performance.

Initiatives

Business Continuity Plan (BCP)

When large-scale natural disasters occur, the OYO Group will promptly establish a system to secure the continuation of its business and conduct support and recovery / restoration activities for the damaged areas, recognizing this as its social mission.

Based on the business continuity plan (BCP), the Group will set up a local disaster countermeasure headquarters and/or a disaster countermeasure headquarters at the head office, depending on the scale of the disaster, to address the situation.

Outside of times of disaster, meanwhile, the Group conducts internal training based on its BCP. The basic policy of the BCP is as follows.

Place the utmost priority on securing the safety of the employees and their families, as well as related persons of business partners, etc.
Promptly recover the business operation system and make company-wide efforts to work for the safety and recovery of damaged areas in response to requests from central and local governments.
Prepare an emergency business continuity manual and conduct training for putting it into practice, while continuously improving its content.

Certified as an Organization Contributing to National Resilience (Resilience Certification)

OYO Corporation has obtained "Business Continuity and Social Contribution" certification for organizations contributing to national resilience (Resilience Certification) based on the "Guideline for the Certification of Organizations Contributing to National Resilience" published by Japan's National Resilience Promotion Office of the Cabinet Secretariat.

Aimed at promoting wide-ranging resilience across society by promoting proactive endeavors for business continuity (BC) at companies, schools, hospitals and other various organizations, the Resilience Certification certifies operators proactively working on BC as an "organization contributing to national resilience."

Endeavors in Information Security

As one of our primary business areas, we handle numerous contract-based services that we undertake upon request from our customers, as well as a variety of information services that process various data and provide them as system solutions. Given the nature of these services, the handling of confidential information is frequent, and information management is considered one of the most critical aspects of our business operations to ensure reliability. Therefore, we have established and operate the information security management system based on ISO 27001.

We have also formulated a basic policy for information security and other information security policies across the entire Group and are working to reinforce information management.

In addition, we have repeatedly conducted simulated training against targeted e-mail attacks from outside for officers and all employees in an effort to heighten their awareness of information security. Furthermore, we implement periodic vulnerability diagnosis and, as needed, penetration tests for external public servers (including those of Group companies), to continuously improve and enhance our countermeasures against cyber attacks represented by ransomware.