Promotion of risk management

Anritsu implements risk management through internal control systems and strengthened information security management.

Building an Effective Internal Control System

■Toward Management Innovation through Internal Controls

Anritsu believes building an effective internal control system is vital for its global business development. We have therefore had in place a system to safeguard the reliability of financial reporting since March 2009. This enables us to step up our efforts to ensure internal controls take root and enhance corporate value in the context of shared responsibility for major operational risks

■Fiscal Year 2008 Results

Because 2008 is the first year of the Internal Control Report System for financial reporting, as established by the Financial Instruments and Exchange Act, we reorganized our internal audit division into a Global Audit department and strengthened the system, including Group support in April 2008. At major Group companies, managers dedicated to internal audits have been assigned to act as key persons for internal control and evaluation, and audits have been conducted.
The evaluation identified several flaws. However, as a result of sharing improvements through the Internal Control Committee and taking appropriate action, we concluded the internal control system of the Anritsu Group, is effective as of March 2009 in terms of Groupwide philosophy and ethics, control of accounting policy and procedures, and control of infrastructure and business processes related to financial reporting.

■Future Initiatives

Looking ahead, Anritsu Corporation's Global Audit department will reinforce the collaborative relationships with domestic and overseas Group Companies that have been established in the process of developing our internal control system, and we will build the framework for a global risk management system. We will broaden our activities from addressing financial reporting issues to sharing a common awareness of major operational risks and implementing countermeasures.
In the near future, we will more effectively control uncertainties as well as factors that could stand in the way of our achieving goals for enhancing corporate value.

Anritsu Company Limited is a company incorporated in Hong Kong, holding several subsidiaries in the APAC region. Pursuant to a risk-based approach and in accordance with the internal audit plan, our internal audit team had carried out several independent reviews on the business units in FY08 by making reference to the company policies, guidelines and J-SOX legislation. The internal audit covered major internal controls and risk assessment, including financial, operational and compliance. The audits reported by identifying weaknesses and making recommendation for improvement.
Each business unit has established and implemented various policies and procedures to enforce internal controls. The Management will continuously monitor the implementation of their business plans along with the compliance of group policies in order to enhance the smooth operation of the Company and the accuracy of accounting information.

Information Security Management

Anritsu has been continuously working to maintain and improve information security within a framework for evaluating effectiveness and managing risk. In evaluating effectiveness, control items deemed to be particularly important were identified from a wide range of items through quantitative analysis, monitored to confirm they were being operated in accordance with prescribed policy, and improved as needed. In risk management, we regularly review risks to keep pace with changes in the environment and assets, and respond to emerging risks.

■Physical Security Measures

During the fiscal 2008, we renewed our IC-card-based entry/exit management system at three locations in the Atsugi area to prevent potential system failure due to aging equipment while also improving physical security. The upgrades make it possible to more quickly and accurately confirm safety in the event of disaster.

■Strengthened Security of Websites on the Internet

The Anritsu Group maintains an website for each of its major locations worldwide, including Japan, to provide customers with product information. Given that website security is a major issue, we have formulated a globally unified website security policy, diagnosed the relative vulnerability of all sites including those hosted outside of Japan, and promoted improvements to eliminate serious vulnerabilities. Looking ahead, we will further enhance security by integrating the sites built in different countries and managing them at a single location.

■Promoting Security Governance in the Value Chain

Information sharing with business partners is indispensable for today's business activities, even as the rising volume of information taken out of the company increases the risk of information leaks. Safeguarding information security requires efforts across the value chain, including business partners. Last year, Anritsu conducted a questionnaire survey of about 120 partner companies. Based on its results, we requested that business partners conduct thorough security management for which we provided the training materials.

■Supporting Employee Education

We continued employee training at different organizational levels this year to promote their overall education. In annual training for the rank and file, we invited Microsoft to give a lecture on Internet threats, which have raised the concern of many employees. In addition, we published monthly case studies on information security.

■Business continuity plans (BCP) Operations Regarding Information Systems

We have been continuously improving our BCP for greater reliability by testing actual equipment and plan details. As part of these efforts, we formulated a plan to relocate the entire system to an earthquake-proof facility for a more reliable BCP recovery time and began implementing the plan. During the current fiscal 2008, we relocated a part of the CAD system and intend to relocate other key systems in the fiscal 2009.