Risk Management System
Basic Approach and Policy
The Olympus Group implements risk management initiatives to realize its basic management policies, which include its Corporate Philosophy and management strategy. Specifically, based on the "Policy of Risk Management and Crisis Response" and related rules, the Olympus Group undertakes risk management from the perspective of both "offense" through active and appropriate risk taking leading to sustainable growth and value creation for the Company and "defense" to prevent illegalities and accidents.
A crisis management process has also been established to minimize the impact of unforeseen incidents on corporate value.
Policy of Risk Management and Crisis Response
Promotion Structure
Organizational Setup (Fiscal Year Ended March 31, 2024)
Olympus has established a new committee structure on both the global and regional level by setting up Global and Regional Risk Assurance and Compliance Committees (G-RACC and R-RACC, respectively; collectively called the “RACCs”). The G-RACC consists of Group Executive Committee (GEC) members, and the R-RACCs comprise board members in each region. The objectives of the RACCs are to establish, implement and manage a framework for addressing enterprise risk and complying with applicable policies, laws, and regulations. Recommendations, guidance, and significant risks are regularly reported to the GEC, Board of Directors, and Audit Committee for ongoing monitoring.
Olympus also has identified and collaboratively nominated Risk Owners, that is, Global Division and Function Heads and Regional Division and Function Heads and respective Risk Coordinators responsible for managing risks. Each Risk Owner is accountable for executing the necessary measures (organizational structure, process preparation, focus measures, etc.) in their designated area of risk. This framework is based on the concept of the Three Lines Model as defined in our Group’s Internal Control Framework. The Internal Audit Function provides regular audits to Risk Owners (1st Line) and GRC functions (2nd Line) based on their annual audit plan.
ERM Methodology
Risk Categories
Olympus has established the global Enterprise Risk Management Methodology and Approach that includes five calibrated Risk Categories (1. Strategic (incl. External), 2. Operations & Product, 3. Financial, 4. Governance, and 5. IT & Digital) and corresponding Risk Sub-Categories.
Risk Evaluation Method
Olympus also has introduced the following three Risk Evaluation Criteria (1. Exposure, 2. Vulnerability, 3. Velocity) to evaluate and display each individual risk that might have an effect on the achievement of Olympus’s business objectives, as well as on corporate strategy:
- Exposure is determined by likelihood and impact. Likelihood indicates the probability of a risk materializing, while impact assesses the severity of the consequences if a risk does materialize. Likelihood and impact levels are defined as quantitative (financial) or qualitative criteria.
- Vulnerability refers to how well the organization is prepared to manage a risk if it occurs.
- Velocity indicates how fast Olympus would be affected by a risk after it occurs.
Based on these three criteria, Olympus actively identifies, mitigates, and monitors risks. Mitigation measures are regularly reviewed and tested for effectiveness. Olympus also has introduced a so-called 3D-Risk Matrix to visualize and manage risks. It combines the Exposure with the perceived Vulnerability and adds the Velocity to the assessed risk. The matrix is split into four quadrants, each of which indicates how the risk should be dealt with. Furthermore, Olympus has introduced an updated IT application based on databases and dashboards to facilitate better-informed, risk-based decision making.
ERM Process
Risk Management
The main components of the Enterprise Risk Management Process are:
- Risk Assessment to identify, analyze, and evaluate risks.
- Risk Treatment to mitigate risk and coordinate and execute risk management activities.
- Risk Monitoring to design and implement monitoring procedures on risks and evaluate the effectiveness of risk treatment activities.
- Risk Reporting to aggregate and valuate risk and mitigating measures and report to relevant stakeholders regularly. Risk Reporting is developed and deployed internally as part of the annual plan. The status of the Group's response to top risks is regularly reported to the GEC, Board of Directors, and Audit Committee for continuous monitoring.
The Enterprise Risk Management Process is based on strong collaboration between the Risk & Controls Function and Division/Business Functions following the principle of the Three Lines Model. Olympus is developing and executing these globally aligned ERM processes at both the global and regional levels. Risk & Controls is responsible for providing, maintaining and developing the Enterprise Risk Methodology and operational guidance. We are promoting the spread of the new organizational structure and methods within the Company. We are continuously fostering our risk culture at our business operation levels through training and workshops with Risk Owners, Risk Coordinators, and other 2nd Line functions.
Crisis Management
Any major incident that is highly likely to affect business management in the Olympus Group is reported promptly to the president and other senior management and handled appropriately by the managers in coordination with relevant divisions. Furthermore, we continue to conduct annual training exercises in anticipation of emergencies, ensuring the ongoing review and refinement of response processes. Our aim is to minimize damage in the event of large-scale natural disasters and similar incidents.
BCM/BCP
In terms of business continuity management (BCM), we strive to develop practical plans that emphasize the value chain. To support this, we have established internal rules and procedures for BCM and consistently work on improving BCM practices. Additionally, we conduct regular education and training programs to enhance the effectiveness of our BCM.
Moving forward, we will continue to prioritize the health and safety of our employees, medical professionals, patients, and communities, while implementing the best measures to maintain the supply of our products and services.