Message from the Director in Charge of Risk

Corrective Measures for Fraud at Shimadzu Medical Systems Corporation

In 2022, the Shimadzu Group subsidiary Shimadzu Medical Systems Corporation caused a scandal that resulted in a major inconvenience to stakeholders. Since then we have been steadily implementing recurrence prevention measures in order to correct the issues that caused the fraud. In addition to recurrence prevention measures, we have also been undertaking organizational cultural reforms, implementing measures to increase employee satisfaction and eliminate incentives for fraud, and investing in systems that enable monitoring local workplace activities. We remain committed to ensuring that a similar incident never occurs again.

Risk Management Based on Workplace Experience

Since joining Shimadzu in 1982, I have accumulated a variety of experiences including developing liquid chromatograph systems, serving as the General Manager of the Analytical & Measuring Instruments Division and as President of a sales subsidiary outside Japan. One particularly memorable experience occurred while I was the Division General Manager, during the development of the PCR testing system and corresponding reagents used to combat the COVID-19 pandemic. Some team members felt that the development risk was too high because the pandemic might end before the development was completed. However, through a top-down approach, we managed to achieve the typically 2 to 3-year development process in just 7 months. This rapid development boosted the confidence of our employees and allowed Shimadzu to make a significant contribution to society. Another memorable experience was during the COVID-19 lockdowns while I was stationed in China. Being confined to my apartment for two months made me realize the differences in risk management methods used in different countries. At that time, I had no way of knowing that I would later be in charge of risk management myself.
Since returning from China, I have been the director in charge of risk management since April 2023. Initially, I felt uncertain about taking on so many new responsibilities. However, I already understood the importance of risk management because, even as Division General Manager, I tended to operate in crisis mode, treating every problem as though it could be catastrophic. Therefore, I intend to leverage my experience from working on the front lines to ensure that risks are properly managed.

Summary of First Year of Medium-Term Management Plan and Outlook

Within the Shimadzu Group, risk management measures (countermeasures for risks related to Shimadzu businesses) and compliance/internal controls (measures for mitigating risks associated with the execution of duties) are implemented and function in an organic and integrated manner. Risk management involves eliminating high risks across the Shimadzu Group, in descending order of risk, by implementing countermeasures for commonly experienced global risks. Furthermore, risks are also selected by region and individual companies, assigned priority levels, and broken down by time in order to establish a comprehensive plan for managing these risks.
Globally common risks include economic security (supply chain), labor safety, and cybersecurity risks. Over the past year, we have been developing and preparing risk reduction measures for these three types of risks. Particularly in terms of cybersecurity, which is considered an impending crisis, we are reinforcing measures in cooperation with the DX・IT Strategy Management Department. We are also determining how quickly systems can be restored after a cyber-attack.
Region-specific and subsidiary-specific risks were also assessed to specify risks that require important countermeasures and prepare corresponding countermeasures. Then the Internal Audit Department visited about half of the subsidiaries outside Japan to conduct audits and I also visited local operations outside Japan to check risk countermeasures, and so on, in order to reinforce risk management globally.
 As a result, we have been able to implement risk reduction measures almost as initially specified for the first year of the medium-term plan. Starting from FY 2024, the second year of the plan, we will implement more advanced risk management measures and increase sustainability throughout the Shimadzu Group. Therefore, risk management, internal controls, and compliance activities will be consolidated into one department for implementation as consolidated risk management. Latent risks will be identified, and corresponding countermeasures will be prepared and executed. In addition, we will monitor the implementation status of risk countermeasures as appropriate, visualize the cycle of risk response activities, and implement other activities to provide necessary support.

Issues Becoming Apparent and Corresponding Solutions

On the other hand, some additional issues have become apparent. The first issue is the horizontal deployment of measures to prevent recurrence. Most of the cases that have occurred in the last several years are very similar to cases that occurred in the past or in other departments. The departments where risk cases occurred sincerely review their cases and implement measures to prevent recurrence, but other departments tend to treat the cases as irrelevant to them. This mindset can hinder the effectiveness of recurrence prevention measures. Therefore, we have decided to have departments share information about various risk cases through e-learning workshops and group-wide discussions. This shared information will then be used to implement comprehensive risk countermeasures.
I believe communication within organizations is particularly important for effective risk management. Recently, there has been an emphasis on how psychological safety within the workplace affects performance, which is an excellent example. Business activities function properly, and risks are reduced only when personnel work in an environment where they can freely engage in active discussions. I feel that conducting team learning sessions to learn and apply the necessary knowledge at each workplace, followed by multiple discussions, has increased our mindfulness about compliance.
The second issue is the limited human resources available for implementing risk management at subsidiaries outside Japan. It would be difficult for the Head Office in Japan to properly manage risks for the entire Group globally. Therefore, starting in FY 2024, newly established regional corporate head offices will direct risk management activities for Group companies within their regions, conduct internal audits, and so on. Regional corporate head offices have already started building organizational capabilities to support risk management practices at Group companies, such as reinforcing the human resources available for implementing risk management.

Taking an Active Approach to Risk Management

In terms of ensuring compliance, I believe it is crucial to increase psychological safety levels by fostering a culture that values ethics and by making each workplace more comfortable for employees. We tend to think of risk management and ensuring compliance in terms of their passive aspects, but they also include positive aspects, such as increasing psychological safety, which can reduce risk while enhancing employee engagement. Therefore, the Shimadzu Group will adopt an active approach to risk management, focusing on its positive aspects rather than solely on its passive aspects.

Implementing Sustainability Management

Given the increasing demands for sustainability management, our corporate philosophy “Contributing to Society through Science and Technology” and our management principle “Realizing Our Wishes for the Well-being of Mankind and the Earth” perfectly embody the essence of sustainability management.
Amidst the dizzying pace of changes in global circumstances, my role is to stay vigilant to such changes, take the initiative in establishing countermeasures, foster a corporate culture with high ethical standards based on governance, and cultivate human resources. Though sustainability management does not involve goals, I intend to steadily implement reforms that make the Shimadzu Group a better company.