Corporate Obligations and ResponsibilitiesFortifying Internal Control

In order to fortify internal control, we carry out a combination of audit functions for business operations and evaluation functions for internal audits. The Internal Audit Office is in charge of audit functions for assurance services, SOX evaluation for consulting services (advising), and secretariat function for incident management activities.

Audit Functions

Auditing is performed on all aspects of business, including subsidiary companies. As such, internal audits are approached from an independent, third-party standpoint, so that the appropriateness of corporate procedures and management systems may be evaluated objectively. Based on the risk approach, we prioritize more critical auditing areas, themes, and target departments while we pursue a variety of internal audits, including audits on business, system, information security, departments and Group companies.

SOX Assessments

In response to the Japanese version of the SOX Act (J-SOX Act), which went into effect in April 2008, we have created an internal control evaluation team responsible for evaluating and improving internal controls. In this way, we promote, establish and make continuous improvements in the documentation, evaluation, and self-inspection of the internal controls introduced. The basic plan for internal control assessments in regard to financial reporting was determined in December 2006 and is renewed every year. IT control for information systems is especially regarded as essential to appropriate financial reporting, thus we provide and improve management systems for all aspects of its development, operations, and maintenance.

Incident Management Activities

We pursue incident management activities in order to manage work-related incidents, including major service flaws, such as system failures and accounting mistakes, and late payments resulting in losses to our partners.
The Internal Audit Office assumes the role of the secretariat, and supports and monitors the activities conducted mainly by persons responsible for incident management promotion appointed in each service companies and groups.