Risk Management
Our Policy
INPEX is committed to accurately identifying and assessing the complex and diverse risks inherent in its business environment, while establishing appropriate risk prevention and mitigation measures to help minimize risks. In addition to preparing for large-scale natural disasters and epidemics, we also address risks related to the business environment such as changes to economic and social conditions or laws and regulations, as well as risks that exist in each process of our business. This includes exploration, production, transportation, and sales. We have established internal controls under Japan’s Financial Instruments and Exchange Act—known as “JSOX”— based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework, and each business division also conducts risk management related to occupational health, safety, and environmental protection under our HSE1 Management System. Additionally, we analyze the impact of fluctuations in crude oil prices and foreign exchange rates on our net income and disclose this information at every financial result briefing.
1 HSE: Health, safety, and environment
Risk Management Structure
We strive to continuously improve our risk management structure, which is designed to appropriately identify and manage the risks associated with our business operations. We have established a structure to prevent, or otherwise mitigate, adverse impact. This helps us to maintain and reinforce the trust of our customers, business partners, investors, and other stakeholders, and maximize our corporate value.
We have adopted a divisional system and assigned Directors and other officers as the Senior Vice President of each division. This system ensures responsibility and efficient management of business operations. The divisions work closely together to conduct risk identification, analysis, and assessment in accordance with our internal regulations, guidelines, and other rules. Material risks associated with individual projects are reported to the Executive Committee, and the Board of Directors as necessary, for comprehensive review and determination of action plans for the risks. For example, when considering the acquisition of concessions or formulation of development plans for E&P activities, material risks are identified, analyzed, and assessed based on guidelines related to economic and risk assessment. To ensure the efficacy of our risk management structure to daily operations, in addition to continuous monitoring by each division in charge and collaboration with relevant divisions, regular audits are conducted either by the internal audit department reporting directly to the President & CEO or by external experts. By providing feedback from these audits to each division in charge, we can review our risk management structure and respond to changing conditions in the business environment in a timely manner.
Furthermore, to realize our Medium-term Business Plan and other key business objectives, annual plans and targets are developed for each department, aligning with our medium- to long-term goals. This process incorporates identified material risks and associated mitigation/management plans and is determined by the Executive Committee. Each department subsequently carries out initiatives to achieve its targets and manage any risks, and reviews its progress at the midterm and end of each fiscal year.
In accordance with our internal regulations on Group management, we conduct Group-wide risk management in collaboration with each subsidiary. To verify and assess the management of risks related to daily operations, our subsidiaries must cooperate in audits conducted by the internal audit department under the direct control of the President & CEO and other relevant departments or an external expert. Based on audits results, subsidiaries then review their risk management activities in response to changes in the business environment. We have established our Standards for Evaluation and Selection of Independent Auditors, which outline the criteria for the Audit & Supervisory Board to follow when evaluating the quality control, independence, and audit fees of independent auditors. The Audit & Supervisory Board evaluates independent auditors annually, based on these standards.
Business Risk
The following is a list of key items that can be considered potential risk factors relating to the business operations of the INPEX Group. From the standpoint of information disclosure to investors and shareholders, we actively communicate matters that are not necessarily the business risks but that can be considered to have important effects on the investment decisions of investors. The following discussion does not completely cover all risks relating to the Group’s businesses.
- Characteristics and risks of the oil and gas development business
- Risks of disasters, accidents, system failures, etc.
- Risks of failure in exploration, development, or production
- Dependence of production volume on specific regions and mining areas
- Risks related to contract deadlines, etc.
- Risks of change in reserves of oil, condensate, LPG, and gas
- Risks related to operatorship
- Risks related to project partners
- Risks attributable to a large capital investment and lengthy period of recovery of funds for the oil and gas development business
- Risks related to future abandonment
- Impact on financial results from fluctuations in oil and gas prices, foreign exchange rates, and interest rates
- Impact on financial results from fluctuations in oil and gas prices
- Impact on financial results from fluctuations in foreign exchange rates
- Climate-related risks
- Policy and regulatory risks
- Technology and market risks
- Physical risks
- Financing risks
- Country risks in overseas business
Business Risk Management
To manage the diverse risks related to our business, we have introduced guidelines for economic and risk assessments for each project. We evaluate the feasibility of potential new projects based on identified material risks, and respond to these risks accordingly. For existing projects, we convene the IVAS Committee as a mechanism for cross-organizational technical evaluation in each phase. We conduct economic and risk assessments in principle at least once a year, and provide an annual summary report of assessment results for major projects to the Board of Directors.
To enhance our ability to respond to emergencies caused by large-scale accidents or disasters, we have developed emergency and crisis response plans. Emergency response drills are conducted regularly to proactively manage risks related to our business. We have also established a business continuity plan (BCP) to ensure continuity of critical operation without interruption. The BCP is reviewed as necessary.
With respect to HSE risks, we identify, analyze, and assess risks for each business segment based on the HSE Risk Management Procedure established under the HSE Management System. This aims to promote continuous improvement activities in our business activities, including new projects. For our non-operator projects, we also actively promote HSE involvement based on the risk of each project.
We manage financial risks presented by fluctuations in oil and gas prices, foreign exchange rates, interest rates, and securities prices by identifying the risk of fluctuations in each of these areas and establishing methods for managing and hedging these risks. We have also developed guidelines for managing risks specific to the countries and regions in which we operate, and mitigate these risks by setting target limits on the cumulative investment balance within high-risk countries. To manage legal risks, we have established the Legal Unit as an independent body to provide appropriate legal advice to divisions and senior management executives on major contracts and lawsuits. We are also enhancing our legal support functions for projects in Japan and overseas.
Our Informaiton security initiatives are as follows.
We have established our Basic Policy for Information Security to uphold confidentiality, integrity, and availability of information. Similarly, our Basic Policy for the Appropriate Handling of Individual Numbers and Personally Identifiable Information is implemented to protect personal information. Furthermore, under the supervision of the Information Security Committee established as a Group-wide supervisory body, we establish related regulations and management structures, and systematically implement systems-related, physical, and personnel-related measures necessary to protect our information assets. The Committee normally meets twice a year and is chaired by the Senior Vice President of the Logistics & IMT Division—who is also a member of the Executive Committee—and consists of the Senior Vice Presidents of the General Administration, Corporate Strategy & Planning, Finance & Accounting, Technical, and New Ventures & Global Exploration divisions, as well as the General Managers of the Legal Unit. The matters determined by the Committee are reported to and deliberated by the Executive Committee. Results are then reported to the Board of Directors as needed.
Information security strategies and measures are developed following determinations by the Executive Committee during annual budget deliberations. We aim to prevent information leaks from within the Company by raising employee awareness of information security. We also firmly embed the values and culture essential for the proactive safeguarding our information assets. These efforts include not only system enhancements but also educational initiatives, such as regular e-learning courses, targeted email drills, and circulating a monthly Information Security News. We implement system-related measures for detecting and preventing external attacks, monitor 24 hours a day, 365 days a year to promptly address and deal with incidents, and have created and utilize a Computer Security Incident Response Team (CSIRT) to respond to incidents. Furthermore, an external security vendor performs periodic assessments.
We also perform internal security assessments at our domestic subsidiaries and overseas business sites. In FY2023, we assessed our security measures, focusing on our control systems, at our operational sites in Japan in accordance with a security standard for control systems (the IEC 62443 global standard).
In FY2023, there were zero incidents caused by major cyberattacks requiring public disclosure.
Also in FY2023, as in FY2022, we carried out two targeted email drills and one e-learning session to boost awareness of information security across the Group.
Basic Policy for Information Security
Risk Maps
The main risks in our business operations are outlined below, and basic measures for dealing with each are defined. Furthermore, we utilize risk maps to analyze specific and current risks affecting our business strategies. This includes risks that have already manifested themselves, from the perspectives of impact and likelihood affecting the business and financial perfomance. We define our response policies based on the urgency and impact of these risks, and promptly implement countermeasures.
Key control measures for managing various risks |
|
---|---|
Climate change-related transition risks control measures
Market risks control measures
Country risk control measures
|
Project risks control measures
Operational risks control measures
|