Delivering Aligned Assurance

March 2025

Focus Area 6: Corporate Governance

As the business environment has evolved dramatically, risks faced by companies have become both more diverse and more volatile in recent years. Accordingly, it is increasingly vital that Olympus, as a global manufacturer of optical and digital precision technology for medical devices, uses advanced risk management. In April 2023, the Olympus Group established a global Governance, Risk and Compliance (GRC) organization to manage risks in an integrated manner across the enterprise. Our head of GRC explains this organization’s purpose and mission, as well as the Olympus Group’s approach to risk management.

Eva Gardyan-Eisenlohr

Global Chief Compliance Officer, Executive Vice President


Establishing the Global GRC organization and implementing integrated risk management

Q. Please tell us about the mission and role of the Global GRC Organization.

A. Our responsibility is to support risk owners in identifying, analyzing, evaluating, and mitigating risks, in line with the company’s business strategies.

In the past, the Olympus Group managed four risk areas—Risk & Control, Compliance, Privacy, and Information Security—with each risk area separately overseen by a dedicated department. In recent years, however, we have seen the business environment surrounding companies change dramatically, with an increase in risks such as cybersecurity attacks, natural disasters, and geopolitical tensions, to name just a few. New technologies, too, are having a major impact. Therefore, to effectively and efficiently identify, assess, mitigate, and monitor the risks Olympus is exposed to—and report and discuss these with management—a comprehensive Governance, Risk & Compliance (GRC) organization has been formed.
This organization now drives management of the four above-mentioned risk areas in a more efficient fashion, to provide “Aligned Assurance”. By aligning risk management across the four risk areas, management can now make more informed and appropriate decisions that enable the success of the company. Our vision is to leverage risk management—both to protect value by safeguarding the business and achieving resilience, and to create value by enabling informed decision-making and appropriate risk taking that drives long-term sustainable value creation.
Aligned Assurance enables us to improve decision-making through a unified view of risks across the enterprise, and to enhance the effectiveness of our governance framework. This can give our stakeholders even greater confidence in how we manage risks and ensure compliance with global standards. Through our collaborative approach of “Guide, Partner, and Safeguard,” our Global GRC team enables the company to navigate today’s complexities and uncertainties with integrity, confidence, and resilience.


Achieving Alignment

Q. How will Global GRC manage risks in an integrated way?

A. We are focusing on five key themes, beginning with the harmonization of risk management across different regions.

As a leading global MedTech player, Olympus is implementing five steps in order to appropriately manage risks:
Firstly, we have undertaken the standardization and harmonization of risk management methodology across all regions.
The next step is linking the risk management insights gathered by GRC to corporate strategy. This enables value creation and sustainable growth, by proactively managing risks that could hinder our strategic objectives.
Thirdly, we engage in regular communication and close collaboration with risk owners (those responsible for risk management in each department); these internal partnerships have proven to be of utmost importance.
The fourth step is to embed accountability for risk management within the organization and foster a risk-aware culture. We continue to promote the understanding of compliance and controls in daily work activities. This ensures business operations are conducted with integrity and proactive risk management.
Finally, as we apply these steps to company-wide risks, we seek to reduce the likelihood of risks materializing and their impact should they arise.

As a leading global MedTech player, Olympus aims to achieve integrated risk management through:
Unified Risk Framework: A common risk management framework that aligns with the organization’s strategic goals, ensuring consistency across all divisions, regions, and functions.
Integrated Risk Assessments: Coordinated risk assessments across business units and regions to identify, evaluate, and prioritize risks in a holistic manner.
Data-driven Approach: Centralized overview to capture, monitor, and analyze risks and remediation activities, enabling real-time visibility and informed decision-making. Supplemented by continuous risk intelligence from both internal and external insights.
Collaboration Across Assurance Functions: Close collaboration across the three lines of business to eliminate silos, reduce duplication, and enhance efficiency.
Continuous Monitoring and Reporting: Implement dynamic risk monitoring and standardized reporting, to provide actionable insights and ensure timely escalation of emerging risks to leadership and stakeholders.


Collaborative work in Risk Management Process

Strengthening risk management, for the continued global supply of medical devices

Q. Tell us about the specific initiatives currently being undertaken.

A. We are simultaneously enhancing both our revised Enterprise Risk Management (ERM) framework and Business Continuity and Crisis Management processes.

An enterprise risk management framework is now in place, and we are working on both continuous improvement of this framework and further refinement of our ERM methodology. Our ERM framework provides business leaders with the tools to identify, evaluate, and manage risks in their respective areas, supplementing their expertise and sound judgement with data-driven insights. The framework provides a single common language for discussing risks, and enables informed decision-making and compliant disclosure of risks. Thanks to this, the company can make informed decisions by seizing opportunities and taking calculated risks that drive innovation and growth, while ensuring compliance and patient safety are at the core of our mission.
Additionally, we are working on strengthening our Business Continuity and Emergency & Crisis Management processes to further enhance the company’s resilience. We must ensure the stable supply of our products to doctors and patients worldwide, and should any issues arise, it is crucial to recover and get back to normal as swiftly as possible.
Risk management is a constant journey of learning, experimenting, and improving. We are constantly faced with new risks, and amid these, new methods of risk management become necessary to sustain our business. Therefore, we are also paying attention to factors beyond our own company. The impact upon our business of global political and economic trends is clear, and we want to utilize our insights and perspectives on the risks that these trends may bring. Currently, we are also conducting risk analysis based on diverse types and sources of data. In risk management, too, digitalization is advancing, and we aim to undertake more appropriate risk management.

Q. Lastly, what is your message to our stakeholders?

A. Olympus is further strengthening governance, risk, and compliance, while contributing to the advancement of the company’s business strategies by providing Aligned Assurance.

Olympus aims to achieve growth as a global MedTech company. When making business strategy decisions, GRC supports business growth by incorporating a risk perspective into the business decision. This allows us to address emerging risks early on, ensure business continuity, and manage crises if need be. We are committed to working with the company as a whole, to ensure the sustainable supply of our products to physicians and patients worldwide.
