Risk Management

Basic Policies for Risk Management

IHI group recognizes risk management as a top business priority and strives to strengthen it.
The basic approach to risk management entails making business continuity plans, ensuring the safety of employees and their families, conserving corporate resources and retaining society’s trust. IHI manages risk based on its Basic Code of Conduct, adhering to the following action guidelines:

  1. Ensure the continuity of the IHI Group’s business operations
  2. Improve the public reputation of the IHI Group
  3. Protect the IHI Group’s managerial resources
  4. Avoid jeopardizing stakeholders’ interests
  5. Achieve prompt recovery from damage
  6. Take responsible action when risk event occurs
  7. Meet social request regarding risks

Risk Management System

The chief executive officer (CEO) of IHI is responsible for implementing the company's risk-management system. The Risk Management Conference controls risk-management activities under the leadership of the CEO as its director.
The Risk Management Conference identifies key risks, and sets out the Key Policies on IHI Group's Risk Management. IHI's head office, business areas, business units, and affiliated companies establish their risk-management plans based on the policies and their individual business plans, assessing and reporting the achievements to the Risk Management Conference annually. Corrective actions and management improvements are reflected in the following year's plans.
Regarding commonly existing risks in the IHI Group, the Group Risk Management Units take responsibility for supporting each division, as well as monitoring the implementation of the rules and developing effective risk management measures.
The Internal Audit Division conducts audits to determine the status of the Group-wide risk management system, and orders correction as needed.

To further strengthen risk management, IHI established a Project Risk Management Division at its headquarters and Risk Management Arms within each business area in FY2017. Through collaboration between these organizations, IHI has established a system that facilitates the efficient risk review and monitor of large-scale orders and investments.

Risk Management System

Risk Management System

As of April 1,2017

Topics in FY2016

The main activities in FY2016 were as follows.

1.Prevention profit deteriorations of large-scale projects
In 2016, profit deteriorations occurred in some large-scale project. It was found that the project's initial plan flaws were major reasons for the deteriorations, so the following corrective actions have been implemented since 2016: (1) risk identification for machinery or project with no or little experience; (2) project review by certificated experts; and (3) technology, project resources and contract review especially in new field business. Risk management systems for ongoing projects were also strengthened to detect and cope with project performance decline immediately.

2. Improvement for quality management and operation system
Led by the Monozukuri System Strategic Headquarters (established in FY2015), IHI promoted the restructuring of its quality assurance system. Quality compliance issues were revealed by companywide inspections, and deployed to our group companies with corrective activities. They have improved the Quality Management System and QMS activities (education & training, supplier evaluation/reviews, other reviews, and standardization). In addition to the enhancement of the auditing system, they have also focused on quality management including joint ventures and procurements. IHI group is taking continuous actions to strengthen IHI's monozukuri (precision manufacturing) capabilities.

3. Implementation of large investment review system
In regards to large investment projects of IHI group companies, the review board inspected validity of the plans, confirmed the progress regularly and conducted tollgate review under the new review-system.

4. Reformation of workstyles
The effectivity of working hour management was assessed by monitoring monthly hour data. In addition, the policy on overtime work was deployed to each division as well as the measures for its reduction. In response to recent government initiatives relating to extra-long working hours, We are working on the eradication of long working hours, by improving productivity through work-style reforms.

5. Occupational safety and health
To eliminate accidents and enhance occupational health and safety levels, IHI group is carrying out the prevention of recurrence of the accident thoroughly, and identifying the potential hazards through risk assessment.

Key Policies for Risk Management in FY2017

The deteriorating profitability of certain large-scale projects and affiliated companies pushed IHI business results below expectations in FY2016. In terms of safety, we were unable to achieve zero accidents within the IHI Group.To minimize such risk and respond appropriately when risks do arise, the company is taking steps to reinforce its risk countermeasures based on past experiences. IHI is focusing on the following risk activities in FY2017.

  1. Thoroughly manage safety
  2. Ensure profitability through steady implementation of large-scale project and risk-management system
  3. Reform quality and operational systems
  4. Reform workstyles to shorten working hours for employees
  5. Respond to changes in business and competitive environment
  6. Ensure appropriateness of large-scale investments
  7. Respond to risks in execution of global strategies
  8. Strengthen compliance
  9. Prevent leaks in trade secrets, personal information and key technologies
  10. Ensure information security
  11. Strictly comply with environmental laws and regulations
  12. Prevent disasters and accidents
  13. Recover trust of stakeholders
  14. Promote diversity
  15. Prevent harassment
  16. Promote human rights education and awareness activities

Project Execution System

Establishment of Project Risk Management Division

After recording significant losses in large-scale projects between FY2014 and FY2016, IHI strengthened its risk management system by establishing the Project Risk Management Division in April 2017. This division analyzes the potential risks of large-scale projects and investments to ensure consistent and profitable implementation. It was established by consolidating functions for pre-bid assessments and ongoing-project monitoring, which had been separated. The consolidation has made it possible to strengthen ongoing project monitoring with awareness of risks identified during pre-bid assessments, and then reflect lessons learned during monitoring when conducting other pre-bid assessments. The result has been a more robust risk-management system.

Strengthening our review process for large-scale projects

To strengthen its project-review process, IHI is working to thoroughly and rigorously review and identify risks and other aspects of projects and equipment for which it has no prior experience, recognizing that failure to do so in the past led to losses. Efforts are also being made to improve the accuracy of estimates and strengthen monitoring structures. Visualization of project progress and review by key experts at each stage is expected to help ensure steady implementation of large-scale projects and avoid declines in project profitability.

Support framework for largescale projects

Support framework for largescale projects

What is tollgate monitoring?
A system in which stages are set in individual projects for each major milestone from estimate to delivery, and major deliverables created by the project manager or proposal manager (estimate creator) , etc. are reviewed by executive management and other relevant individuals in each stage. In tollgate monitoring, you must clear and solve the conditions set at each stage before proceeding to the next stage.

Project Auditing System

The Project Risk Management Division evaluates large-scale projects with high contract values, including construction projects subject to the percentage of completion method*, to ensure that they are being executed properly. Matters for review include project management, risk assessment criteria and the transparency of calculating estimated profitability.
As of the end of FY2016, 89 projects worth about 15% of consolidated sales were being audited. Large-scale projects undertaken either in Japan or overseas are audited for:

  • Adequacy of the execution system and execution plan after the order is received
  • Appropriateness of the final cost estimate in view of current progress
  • Transparency, appropriateness and timeliness of the estimated profitability

For projects that either are worth large amounts or are turning unprofitable, the Project Risk Management Division goes on-site to verify the state of progress and holds discussions with personnel in charge. The division strives to quickly detect and correct factors leading to declines in project profitability, as well as to support unprofitable divisions. In addition to seeking solutions to unfavorable situations, it shares feedback and works to improve the accuracy of profitability estimates for future projects.

When preparing estimates for large-scale projects, a project-execution risk-screening process is implemented to verify execution systems, the validity of the execution plan and the profitability of the project. Continuous follow up is carried out to maintain profitability after any project is acquired.
To ensure both adequacy and timely rectification, audits and risk assessments of construction projects are done repeatedly, including locally, and efforts are made to further enhance auditing quality. Each division's activities are independently audited and evaluated. Prior to an audit, the division is notified of the items to be reviewed, and upon completion of the audit the results are communicated throughout the IHI Group. In some cases, the results are used as case studies for training purposes.

For large-scale construction projects that span more than one accounting period, rather than recognizing revenue after construction is completed, it is recorded as a per-year amount in line with the progress of work.

Activities in FY2016

IHI continue analyzing cases of declining profitability by facility type, including the configuration of equipment facilities or units where such declines occur. Going forward, this analysis and giving feedback to business operation division are expected to help prevent losses in projects, including by identifying causes at an earlier stage.

Business Continuity Plans (BCP)

IHI has internal regulations requiring each office and division to prepare for serious disasters.
In May of each year, which is designated as BCP Review Month, each division reviews its own BCP to ensure that all employees are registered in the safety-confirmation system, distributes pocket-sized disaster-prevention information cards, updates the telephone-contact chain and verifies the number of emergency kits. Regular training enables IHI to check and more widely promote its BCP plan. Moreover, for emergency response drills, the hypothetical emergency is changed each time to test BCP from diverse angles.

Pocket-sized disaster-prevention card distributed to all employees

disaster-prevention card distributed to all employees

Topics in FY2016

In December 2016, IHI earned a Resilience Certification to acknowledge its achievements in strengthening business continuity and thereby contributing to Japan’s resilience against disasters.
The certification system is based on guidelines stipulated by the Japanese government to promote a more resilient nation.
Since FY2016, IHI has carried out activities under a new three-year disaster-prevention plan aimed at improving company resilience, with an ultimate aim to become the most disaster-prepared organization in Japan.
IHI will continue ceaselessly to improve its disaster preparedness, mindful of its responsibility as a corporation supplying critical infrastructure both in Japan and around the world.

Resilience authentication

Maintaining and Improving Information Security

Information Security Policy

IHI, under its information security policies, strives to effectively manage information while maintaining and improving information security to protect the confidentiality of its customers and business partners, as well as Company information and technical data.

Information Security Measures

IHI addresses information security risks from three perspectives: rules, tools and education.
Internal rules include the Information Security Policy, Information Security Standards and Information System User Regulations.
Various security tools, including frequently updated antivirus software, are deployed.e-learning sessions designed to maintain and raise security awareness are held annually. In FY2016, 98.5% of all employees participated in an e-learning program.
Computer virus infections caused by targeted e-mail attacks made headlines in 2011. Since even before then, however, IHI has been working with government agencies and specialists to institute countermeasures against attacks. As of March 2017, IHI has not reported any leaked information or related damage.

Information Security Management System

The Information Security Committee consisting of representatives from IHI's major divisions and Group companies meets quarterly to coordinate planning, operations and inspections on a yearly basis.
Every year since FY2005, IHI has conducted an internal audit of its information security measures and provided guidance on improvements. A written survey of all 48 Group companies was conducted in FY2016, followed by interviews of five selected companies. The audit found no major flaw in security measures.
If a serious information security event were to occur, IHI would respond in accordance with the Basic Rules on Crisis Management for the IHI Group.

Divisions and Group companies engaged in sensitive projects for the national government are subject to annual certification reviews under the ISO27001 international standard for information security management systems, which is conducted by an external organization, to maintain a high level of information security.

Topics in FY2016

In accordance with two sets of rules —the Information Security Policy for the IHI Group formulated in 2015 and the Basic Rules on Information Security for the IHI Group—we built frameworks for information security and promoted related activities, including for affiliate companies within Japan and abroad. Thirteen overseas companies were educated about information security via e-learning.

Plans in FY2017

To ensure that Group companies in Japan and abroad establish sound systems and practices for information management, they will implement PDCA activities concerning information security. They also will use ICT to build security measures into their everyday operations.

Protecting Intellectual Property

Basic Policies

IHI is enhancing its intellectual property (IP) activities to support business and R&D. It also manages a Group-wide IP management system. The basic principle is to protect Group IP while respecting the rights of third parties.
To protect its technologies and trade secrets, the company is strategically managing business and product IP through rights acquisition and confidentiality measures.

IP Protection and IP Rights of Third Parties

IHI views both foreign and domestic patent applications as being equally important. Patent applications filed by IHI outside Japan have increased along with expanding global business.
To reduce related business risks, a team specializing in patent searches in the Intellectual Property Department looks for patents owned by other companies to ensure respect for third-party IP rights.

Owned patents (Japan and abroad)

Owned patents (Japan and abroad)

Owned patents by location (FY2016)

Owned patents by location (FY2016)

IP Education

Employees learn about IP in their first to fifth years at IHI via e-learning. Moreover, business operation divisions and group companies impart general education covering patent audits, rights acquisition policies, copyrights, brand protection and more. In December 2016, outside speakers were brought in to lecture on IP that effectively made the workforce more aware and knowledgeable of the most recent business strategies and IP activities.

Topics in FY2016

Efforts to realize targets under Group Management Policies 2016

To strengthen earnings, one of the targets of Group Management Policies 2016, strategic activities regarding intellectual property were carried out. An increasing number of patents related to global business were filed abroad and IHI’s IP portfolio was strengthened with a view toward rights utilization. Also, protection of IP rights was strengthened and business risks for the overall Group were mitigated.

Plans in FY2017

In 2017, with the aim of increasing incentives for inventors and further utilizing IP rights, IHI revised company rules relating to the handling of IP rights in July. The company is focusing on IP utilization not only in terms of quantity but also quality, and further strengthening strategic IP activities suited to each IHI business in order to achieve the targets of Group Management Policies 2016.

Page Top