Toshiba Group places the highest priority on life, safety and compliance (observance of laws, regulations, social norms and ethics) in its business operations. In particular, following the incidents, including that of fraudulent accounting in 2015, Toshiba Group has continuously worked to enhance its internal controls. Despite such efforts, however, several incidents of improper conduct have thereafter occurred within the Group, and we continue to further review and strengthen our internal controls, with a particular focus on countermeasures against risk of future misconduct.

The following summarizes Toshiba Group's current efforts to manage the risk of future misconduct as well as the efforts to enhance its internal controls that have been ongoing since FY2015.

Current countermeasures against risk of future misconduct

The Toshiba Next Plan focuses on risk management, along with growth-oriented investments and improvement of profitability, and provides a framework to prevent recurrence of incidents consisting of a so-called three-line defense, which sets out the policy for Toshiba Group to manage the risk of future misconduct.

Three-Line Defense Approach

We have established three lines of defense, the first line being the frontline business division, the second line being the administrative division, and the third line being the audit division. With clear roles and duties of each division, we will achieve effective risk management by utilizing a checks-and-balances system and ensuring that each division properly fulfills their responsibilities.

Measures to strengthen the 1st Line - Refreshing the Corporate Culture

Continuous messages from top management ("Tone at the top")

We will vigorously continue to build on our past and current efforts of continuously demonstrating our top management's commitment to compliance to the employees of the Group.

Introduction of a personnel evaluation system with an emphasis on behavioral evaluation

In April 2020, we introduced, in addition to our standard performance evaluation, a new activity assessment to evaluate employees' personal integrity with respect to society, the environment, and compliance. This evaluation system is scheduled to be gradually rolled out to the Group companies.

Additional investments in compliance training

In addition to the compliance training program implemented thus far, including e-learning and group training based on particular job functions and positions, we will increase our investment to promote practical training, incorporating more case studies and participatory training methods to reinforce the message.

Outsourcing of a contact office in the whistle-blowing system, re-dissemination of the system, and enhancement of anonymous reporting

We previously established, and continue to operate a direct anonymous whistle-blowing hotline in each of the Legal Department and the Audit Committee of Toshiba. In addition, we have established an external contact office comprised of outside experts. We will ensure that the entire Group is familiar with the system and emphasize the importance of a uniform system and whistleblower protection.

Regular staff rotation

Previously, staff rotated within certain areas of the Group periodically for some functions for the purpose of human resource development. Now, in order to prevent the business operations from becoming too dependent on individual workers, we will also consider and encourage regular staff rotation more broadly to refresh the business teams.

Measures to strengthen the 2nd line - Strengthening the IT system, etc.

Strengthening the cross-functional organization and chains of command for administrative functions

Bearing in mind Toshiba Group's multiple business domains and large number of subsidiaries, we are working on the centralization of the organization and chains of command across the Group to ensure more effective checks and balances.

Implementation of the new risk management system

Although we have thus far developed and operated a risk management system pertaining to compliance, amid the increasing complexity of risks, we will develop and operate a corporate-led plan-do-check-act (PDCA) cycle that establishes subcommittees organized by the management divisions with specialized knowledge for each risk theme as a more effective risk management system based on the actual circumstances of Toshiba Group. We will also promote risk assessment based on quantitative evaluation indicators that apply across the Group using the Risk Assessment Program (RAP).

Systematization of Group-wide incidents

We will systematically organize the incidents of misconduct that have previously been discovered not only within Toshiba Group but also at other companies, and use them as a reference and guide for the development and operation of effective internal controls.

Reinforcement of analytical functions by introducing the next core system

In the next core system, which we are currently preparing to introduce, we will promote the separation of duties and strengthen internal control of operational processes, and consider and promote the introduction of analytical methods to detect signs of misconduct using daily transactional data.

Reduction of the number of subsidiaries

As the business environment surrounding Toshiba Group is changing rapidly year by year, we will integrate subsidiaries that are becoming unable to fulfill their roles initially intended at the time of incorporation and reduce the size of subsidiaries in order to promote the ability to oversee their operations.

Measures to strengthen the 3rd line
- Establishment of a Panel of Compliance Experts, etc.

Establishment of a Panel of Compliance Experts

Amid increasingly complex risks, the Company has set up a senior conference body that will invite the participation of outside compliance experts and promote initiatives to further ensure compliance.

Improved auditing functions

With a checks-and-balances function for both the Administrative Division and the Business Division, the Audit Division is expected to establish auditing methods and conduct organizational audits from its own perspective independent from the executives. As such, in order to deal with a wide range of complicated risks, including risks related to misconduct, we will increase the number of staff and strengthen coordination with the Audit and Supervisory Board members who monitor the performance of the directors of each Group company.

Efforts to enhance the internal controls
that have been put in place since FY2015

We have continuously worked on enhancing the internal controls since the incidents of, including fraudulent accounting in 2015. The following summarizes the key elements that we have worked on up to now

Management policy, governance, and awareness of compliance

Review of Management Policies

The process of selection and dismissal of the President by the Nomination Committee has been clarified, as has the policy on budget formulation from a medium- to long-term perspective.

Strengthening Governance

We have reviewed the composition of the Board of Directors, the Nomination Committee and the Audit Committee, and implemented an appointment process that encourages diversity of expertise and experience, including the fact that a majority of Board members are outside directors. In addition, we ensure that the Internal Audit Division, under the direct control of the Audit Committee, is fully independent from management, and we enhance the Internal Audit Division members' expertise by providing specialized training and encouraging them to acquire specialist qualifications. Furthermore, we strive to ensure the reporting opportunity/mechanism available to all employees by maintaining the internal whistle-blowing hotline direct to the Audit Committee, apart from the hotline that directs to the Legal Department.

Raising awareness of compliance

Our top management regularly sends out messages on corporate culture to all executives and employees, and awareness-raising trainings are made available for executives. We also implement a program aimed at reforming the behaviors of top management based on feedback received from employee surveys.

Strengthening the management decision-making process

As the Company's basic approach to business risk management, we have clarified the management's commitment to decision-making that contributes to sustainable growth and enhancement of corporate value of the Toshiba Group, as well as the policies on acceptable risk limits and exits. Furthermore, the Business Risk Review Committee conducts preliminary risk checks for projects assorted based on predetermined criteria and sets the maximum risk and monitoring items for certain of such projects.

Accounting and Disclosure Systems

Appropriate Accounting

To ensure the independence of Toshiba's CFO from the President, the Nomination Committee is granted a veto right over the selection and dismissal of the CFO. In addition, the Finance & Accounting Divisions of the Toshiba Group's spun-off companies are under the direct control of the Toshiba's Accounting Division, which is responsible for financial accounting functions, in an effort to consolidate human resource authorities in the hands of the CFO. Furthermore, we are working to strengthen the collaboration between the CFO and the Audit Committee in the account closing process, and have established the Project Monitoring & Oversight Division. With respect to the Project Monitoring & Oversight Division, we have tightened its order management criteria and have expanded project review functions by ensuring appropriate accounting.

Strengthening the Disclosure System

In addition to establishing a dedicated organization for information disclosure, we have reviewed our policies to ensure that information is disclosed in a timely manner and clarified the criteria on items including categories to be disclosed and information gathering for disclosure.

Tightening of subsidiary management

We have clarified the standards for reporting from Group companies to corporate headquarters and the standards for dispatching officers to Group companies in order to more effectively monitor subsidiary activities.

Toshiba Group's overall efforts toward risk management and compliance can be found here:

We plan to update information on compliance.

Toshiba Group believes that "compliance is a never-ending continuous journey." We will continue to enhance our internal controls, keeping in mind that a single case of misconduct can destroy everything that the entire Group has thus far strived to build up.