We strive to accurately identify and assess the complex and diverse risks inherent in the business environment and to implement risk prevention measures and systems needed to minimize those risks. For instance, our risk management system is intended to cover our action plans not only for large-scale natural disasters and pandemics, but also for risks related to changes in the business environment—such as economic and social conditions, laws and regulations—and other risk factors inherent in our business processes—that is, in the exploration, development, production, transportation, and sale of natural resources. We have implemented internal controls under Japan’s Financial Instruments and Exchange Law (known as “J-SOX”) based on the COSO3 framework. Each Project Division also performs risk management related to occupational health, safety and environment under the HSE4 Management System.
Additionally, we analyze the impact of fluctuations in oil prices and foreign exchange rates and disclose this information at every financial result briefing.
3 The Committee of Sponsoring Organization of the Treadway Commission
4 Health, Safety and Environment
Risk Management System
We are committed to continuously improving our risk management system, which is designed to identify and manage the risks associated with business operations. We establish systems that prevent and minimize the occurrence or spread of loss or damage to maintain and reinforce the trust of our customers, business partners, investors and other stakeholders, and to maximize our corporate value.
We have adopted a division system in the Company and assign Directors and executive officers as the head of each division to establish a system of responsibility and efficiently manage business operations. The divisions work closely together to conduct risk identification, analysis, and evaluation in accordance with our internal regulations, guidelines, and other rules. The material risks identified are reported to the Executive Committee and/or the Board of Directors, which provides comprehensive reviews and decisions on action plans to manage those material risks. For example, when acquiring concessions and formulating development plans for exploration and production (E&P) activities, various scenarios are developed for expected reserves, predicted production volumes, and oil prices. At these times, risks are identified, analyzed, and evaluated.
As regards the operational status of the risk management system pertaining to day-to-day business operations, we conduct continuous monitoring in each department in charge and cooperate with the relevant corporate departments. Regular examinations and assessments are also conducted either by an internal audit team that reports directly to the President & CEO or by external experts. By giving feedback on these results to each department in charge, we can review and update our risk management system related to day-to-day operations to respond to changing conditions in the business environment in a timely manner.
Furthermore, to realize Medium-term Business Plan and other main business objectives, the Executive Committee discusses and approves the Fiscal Year Plans & Targets in which annual goals for each department are defined in a manner to reflect the short- and medium-term goals. This process also incorporates identified material risks and associated mitigation/management plans. Each department subsequently carries out initiatives to achieve its targets and reviews its progress at the middle and end of each fiscal year.
In accordance with the internal rules on group management, we conduct group-wide risk management of the Company’s subsidiaries in collaboration with each subsidiary. In particular, we require our subsidiaries to cooperate in audits carried out by the internal audit department under the direct control of the President & CEO of the Company and other relevant departments or an external expert to verify and evaluate the management of risks related to the daily operations of the subsidiaries. Based on the results of such verification and evaluation, we have our subsidiaries conduct continuous review of their risk management in response to changes in the business environment. We have established the Standards for Evaluation and Selection of Independent Auditors, which mandate the criteria for the Audit & Supervisory Board to follow when evaluating the quality management, independence, and audit compensation of independent auditors. The Audit & Supervisory Board evaluates independent auditors annually, based on these standards.
1 Characteristics and risks of the oil and natural gas development business
- Risks of disasters, incidents, system failures, etc.
- Risk of failure in exploration, development or production
- Dependence of production volume on specific regions and mining areas
- Risks related to contract deadlines, etc.
- Risk of change in reserves of crude oil, condensate, LPG, and natural gas
- Operatorship-related risks
- Risks related to project partners
- Risk attributable to a large capital investment and lengthy period of recovery of funds for the oil and natural gas development business
- Risks related to future abandonment
2 Impact on financial results from fluctuations in crude oil prices, natural gas prices, foreign exchange rates, and interest rates
- Impact on financial results from fluctuations in oil prices and natural gas prices
- Impact on financial results from fluctuations in foreign exchange rates
- Impact on financial results from fluctuations in interest rates
3 Climate-related risks
- Policy and regulatory risks
- Technology risks
- Market risks
- Physical risks
4 Country risks in overseas business
Operational Risk Management System
To manage diverse risks related to our business, we have introduced guidelines for economic evaluations and risk assessment to individual projects. We analyze and evaluate the feasibility of potential new projects based on identified major risks, and we respond to these risks. For existing projects, we convene the INPEX Value Assurance System (IVAS) Committee as a mechanism for cross-organizational technical evaluation in each phase of exploration, evaluation, and development. In addition, we conduct economic evaluations and risk assessments in principle at least once a year, and provide an annual summary report of risk assessment results for major projects to the Board of Directors.
To enhance our ability to respond to emergencies caused by large-scale accidents and disasters, we have established the Emergency and Crisis Response Plan and conduct emergency response drills on a regular basis to proactively manage risks related to our business. To prevent the suspension of important operations, we have established the Business Continuity Plan (BCP5), which is reviewed as necessary. Our Information Security Committee also meets regularly and as needed to implement systematic and organized information security measures, as well as education and training, including concerning the prevention of information leakage.
With respect to HSE risks, we identify, analyze, and evaluate risks for each business location based on the Risk Management Procedure established under the HSE Management System to promote continuous improvement activities in occupational health and safety management, environmental management, and security in our business activities. In addition to formulating and implementing risk control measures, our HSE risk management status is regularly reported to our headquarters and regular workshops held to ensure that the headquarters continuously checks the status of HSE risk management.
We manage financial risks presented by fluctuations in crude oil and natural gas prices, foreign exchange rates, interest rates and securities prices by identifying the risks of fluctuations in each of these areas and establishing methods for managing and hedging these risks.
We have also established guidelines for managing country risks in the countries and regions where we operate, and manage those risks by setting target limits on the cumulative investment balance in countries with high risk.
For legal risks, we have established a system to provide appropriate legal advice to divisions and management on major contracts and lawsuits.
5 Business Continuity Plan: A proactive plan outlining the priority operations and steps to be taken in the event of a disaster to avoid or mitigate the risk of interruption to business activities
We implement assessment and management of climate-related risks in line with the TCFD6 recommendations. Risk and opportunity assessment and management are described on page 567.
We include policy and legal transitions, technology and market transitions, and reputation as transition risk areas. For physical risks, we identify acute and chronic risks. We also apply short-, medium- and long-term classifications to each of these risk categories. The Climate Change Strategy Group within the Corporate Strategy & Planning Unit acts as the secretariat and conducts risk assessment and management on the annual cycle. Company-wide workshops are conducted given the importance of the development process for assessing, preventing and mitigating climate-related risks. The Climate Change Strategy Group serves as the secretariat at these workshops, and the Climate Change Strategy Working Group—an advisory body to the Sustainability Committee (chaired by the President & CEO)—participates in the discussion. The Working Group consists of members from each business division and also has knowledge of CSR and sustainability issues. The discussions, studies, and proposals from each business division are integrated into the company-wide risk assessment process.
We use the following two methods to financially assess climate-related risks. The first is an economic evaluation of projects using internal carbon pricing, and we are currently conducting an economic evaluation with internal carbon pricing applied as a base case. The second method is a financial assessment of our business portfolio. We financially assess the market risk that the oil and carbon prices in the IEA8 WEO’s Sustainable Development Scenario (SDS; a scenario consistent with the Paris Agreement goals) pose to our entire portfolio.
In addition, a cross-organizational team regularly carries out physical risk assessments. In FY2019, we identified risks at major facilities in Japan and Australia during a physical risk assessment trial at our operator facilities. In FY2021, we verified the status of physical risk assessments performed on the major projects for which we hold non-operator status.
6 Task Force on Climate-related Financial Disclosures
8 International Energy Agency
Supply Chain Risk Management
Our Group procures approximately 200 billion yen per year in goods and services from approximately 2,000 suppliers. To manage risks in our supply chain, we take appropriate actions in prevention, detection, and correction. As preventive controls, we require suppliers to comply with labor and environmental laws and regulations and respect the INPEX Group Human Rights Policy. These requirements are built into our standard contracts.
Furthermore, we strive to provide fair opportunities to all suppliers in the selection process, and award supplier contracts based on fair, impartial, and transparent assessments. During the bidding process for overseas operator projects, we conduct comprehensive assessments of bidding companies’ compliance with local laws and regulations, the INPEX ABC Policy, and INPEX Group Human Rights Policy. We have also established prequalification criteria regarding HSE requirements. For projects in Japan, during the bidding process for large-scale construction, we also conduct a comprehensive assessment according to the INPEX ABC Policy and HSE requirements to ensure fair and impartial procurement.
As detective controls, we have established a supply chain risk assessment system, and have been conducting a self-assessment survey of our major suppliers since FY2018. This survey enables us to monitor the compliance systems of our suppliers and identify risks. A total of 23 companies have responded to the survey over the past three years.
Key items monitored:
- Human rights and labor
- Health and safety
- Fair business practices
- Contribution to local communities
- Approach to business partners.
In addition, we monitor risks through our grievance mechanism and HSE audits.
We also work to strengthen risk management in our supply chain through engagement with our suppliers. In Japan, we are seeking to improve HSE in supplier operations by holding HSE Liaison Meetings with our major suppliers. Activities include: i) explanation and dissemination of INPEX’s HSE Objectives and activity programs; ii) explanation and sharing of information about incidents and near misses; and iii) introduction and sharing of HSE-related information from the above suppliers and hearing their thoughts on HSE. In addition, in FY 2021, we held a seminar on human rights inviting external presenters.
In Australia, we have opportunities for engagement with our main suppliers by meeting regularly with them to review their performance in terms of HSE, quality and service content, as well as by exchanging views in a timely and appropriate manner on risks to our business and corresponding mitigation measures.
As for corrective controls, we take corrective actions against suppliers assessed as high risk through detective controls, including: i) improvement activities through HSE audit and ESG audit; and ii) avoidance and mitigation of risks, including through review of contracts.
Large-scale Natural Disaster and Pandemic Countermeasures
Large-scale Natural Disaster Countermeasures
We assess the risk of natural disasters that may occur at each of our business locations and implement appropriate prevention and mitigation measures for each natural disaster, such as earthquakes, and heavy rainfall and flooding. In addition, for unexpected events, we have prepared an emergency response plan and a Business Continuity Plan (BCP) to protect lives in the event of damage and to quickly restore business operations.
We also have a BCP and an initial response manual in place for our headquarters area, designed for the scenario of an earthquake centered directly under the Tokyo metropolitan area, and prepared based on the damage assumptions made by the Cabinet Office of Japan’s Central Disaster Management Council. Our policy on business continuity clearly expresses company-wide values prioritizing the maintenance of stable energy supply while ensuring human safety and environmental preservation. The BCP and other manuals also stipulate not only the establishment of provisional offices but also how our employees should react in the event of an earthquake on a holiday or at night, and procedures for returning home from the office. We conduct an annual crisis response drill for the aforementioned earthquake scenario, as outlined by our BCP and other manuals. We use the lessons learned from the drill to continuously strengthen our disaster preparedness, including by improving our manuals and reviewing our materials, equipment, and reserves.
Novel Virus and Pandemic Risk Countermeasures
We have long had in place an infection prevention manual for implementation against pandemics caused by virulent novel influenza viruses. We also have formulated a pandemic BCP for ensuring the safety of our employees and handling related crises. This commitment to pandemic preparedness is a necessary part of fulfilling our responsibility as an infrastructure company that continuously supplies crude oil and natural gas even during crises.
In response to COVID-19, we established a Corporate Crisis Management Team headed by the Representative Director, President & CEO. The team meets regularly to ensure that countermeasure policies are implemented thoroughly and that pandemic-related information is shared throughout the Company. Moreover, we have established a local crisis response team at each of our domestic and overseas offices and sites. These are headed by the local managers and enable actions to be closely tailored to the local situation. Furthermore, by applying the aforementioned BCP, we have been able to smoothly respond to major changes in the pandemic situation, such as the state of emergency declared by the Japanese Government in April 2020. We have also been able to continuously maintain the supply of crude oil and natural gas even while drastically reducing the number of employees who go into offices or sites. In addition, in order to respond to the volatile situation and further impact of COVID-19, the BCP is continuously updated to increase its effectiveness and expand its applicability to general infectious diseases.
The following are the main specific infection risk controls that we are implementing in the headquarters area:
- Introduction of a work-from-home scheme for all administrative divisions throughout the Company
- Introduction of a flextime system without core working hours
- Ensuring compliance with rules for social distancing at the office, restriction of visitors, disinfection, body temperature measurement, and mask wearing
We are also committed to implementing thorough infection control measures at our domestic and international operating sites to fulfill our important social mission of providing a stable supply of energy, and we have maintained stable operations even during the global COVID-19 pandemic.
For details on specific countermeasures at our operating sites, please refer to “Special Report 3: Our Responses to COVID-19.“
Our Group has established the “Basic Policy for Information Security” to maintain the confidentiality, integrity, and availability of information that it holds. Furthermore, we establish information security rules and regulations, develop management systems, and systematically implement systemic, physical and personnel measures necessary to protect information assets. This is done under the leadership of the Information Security Committee, a Company-wide control organization made up of Directors and other members.
We endeavor to prevent internal leaks of information by taking action to increase employees’ information security awareness and to more firmly implant the values and culture essential for proactively safeguarding our information assets. These efforts include not only system enhancements, but also educational support such as regular e-learning courses and training on targeted emails.
We also strive to defend our information assets from external attacks through systems-related countermeasures as well as regular security assessments performed by an external security vendor. Moreover, we have a threat monitoring and response system in place to detect attacks and take corrective action against them.