Governance

Risk Management Initiatives

Group-Wide Risk and Opportunity Management System and Activities

In order to adequately manage risks and opportunities of the Nishimatsu Construction Group, minimize loss, and achieve sustainable growth, the Sustainability Strategy Meeting (Risk and Opportunity Management Committee and Environmental Committee), in accordance with internal rules, collects risk and opportunity information, monitors these across the organization, and comprehensively manages risks for the Group.
The Company designates departments responsible for managing the collected risks and opportunities. Meanwhile, the Meeting monitors risk and opportunity management in a preventative and heuristic manner, and evaluates the effectiveness of management efforts. If any issue is found, the Meeting provides the department responsible for management with recommendations for improvement. At the same time, the Meeting reports to the President and General Managers Meeting regarding the management system for and management status of risks and opportunities, and reports to the Board of Directors following deliberations and approval by the President and General Managers Meeting. The Board of Directors then deliberates on reports made by the President and General Managers Meeting and gives final approval as a corporate decision.

Risk and Opportunity Management Committee

The Risk and Opportunity Management Committee, which is purposed with ensuring adequate company-wide risk management related to risks and opportunities, implements "management of risks and opportunities from a long-term perspective" and "management of risks and opportunities in business activities."
* Please see our securities reports regarding business and other risks.

Management of risks in business activities	Opportunities in business activities and management of risks and opportunities from a long-term perspective
From the perspective of efficacy toward establishing and implementing risk management practices, the Committee makes a judgement on the propriety of the risk assessment results provided by the responsible department and Audit Unit. As necessary, the Committee instructs the responsible department to revise the definition of risk levels and the validity of hypotheses. In regard to risks for which both the likelihood of occurrence and degree of impact are judged to be high, the Committee verifies the outcomes of the concrete countermeasures devised by the responsible department, and monitors the status of risk management on a quarterly basis.	Based on the Sustainability Slogan (Basic Policy) and materiality, etc., the Committee verifies the validity of hypotheses once per year. As necessary, it instructs the responsible department to make revisions, and considers and monitors specific actions to promote sustainability.

Management of risks in business activities

Opportunities in business activities and management of risks and opportunities from a long-term perspective

From the perspective of efficacy toward establishing and implementing risk management practices, the Committee makes a judgement on the propriety of the risk assessment results provided by the responsible department and Audit Unit. As necessary, the Committee instructs the responsible department to revise the definition of risk levels and the validity of hypotheses.
In regard to risks for which both the likelihood of occurrence and degree of impact are judged to be high, the Committee verifies the outcomes of the concrete countermeasures devised by the responsible department, and monitors the status of risk management on a quarterly basis.

Based on the Sustainability Slogan (Basic Policy) and materiality, etc., the Committee verifies the validity of hypotheses once per year. As necessary, it instructs the responsible department to make revisions, and considers and monitors specific actions to promote sustainability.

Information Security Risk Management

The Group possesses important business information, personal information obtained in the course of business, and confidential information related to our business partners. Various measures are being implemented to prevent loss of social credibility and economic losses due to information leaks.

Prevention measures

① Technical measures

Reinforcing measures against computer virus counter and unauthorized access

Visualizing and controlling cloud service use

② Personnel measures

Conducting security training and targeted e-mail drills

Having outside experts assess security and investigate risk

Countermeasures in the event of an incident

Conducting incident response training

Reinforcing cyber resilience for early recovery of systems

Ransomware, targeted e-mails, and other more recent forms of cyber attacks are not just a risk for our Company, and must therefore be addressed across the entire supply chain. In FY2023, we held targeted e-mail drills and workshops on information security for our subcontractor's network, N-NET. The entire Group, including N-NET, will continue to improve information security

Business Continuity Plans

In the event of a natural disaster such as a major earthquake or other crisis that affects the safety and security of society, one of our important social responsibilities is to contribute to ensuring the safety of residents in the disaster area.

To fulfill this responsibility, we have formulated business continuity plans (BCPs) based on the following policies

1preserving human life and ensuring local safety
2minimizing damage and loss
3maintaining the trust of society

We work to continuously improve the BCPs we have formulated and enhance their effectiveness through training that includes employee safety confirmation drills and emergency headquarters practice simulations.

In response to COVID-19, the BCP Countermeasures Headquarters was quickly set up to share information throughout the company and take various measures to prevent the spread of infection.