COMPLIANCE &
RISK MANAGEMENT

COMPLIANCE &
RISK MANAGEMENT

COMPLIANCE & RISK MANAGEMENT<

Having adopted "Empower Data, Innovate the Business, Shape the Future" as its business vision, the WingArc Group aims to deliver a better future by adding value to data and supporting the transformation of companies that face challenges. With "Build the Trust" as our Core Value, we place great significance on earning the "trust" of our customers and stakeholders. To realize our Vision and Core Value, we recognize the importance of complying with social norms, conducting business honestly and fairly, and properly managing the various risks involved in business activities. For that reason, we are developing an internal compliance and risk management system and are carrying out various initiatives.

Implementation Structure*1

To promote compliance and risk management, the Group has established the Risk and Compliance Committee, which is chaired by the President and composed of directors and auditors. It formulates policies and monitors progress, and addresses major compliance and risk management issues should they arise.

*1 Parts of the organizational chart have been omitted.
*2 Chief Risk Officer

01.Compliance

Main Initiatives

Internal Audit

The Internal Audit Office works directly under the President and conducts audits of the operations of the entire Group based on the internal audit plan. It conducts comprehensive internal audits with an objective perspective from its independent position in the Company. Additionally, to fulfill our responsibilities as a publicly listed company, we are particularly rigorous in the auditing of internal controls and compliance, which are included among priority audit items.

Audit results are reported to the President, after which audited departments are reviewed and guidance is provided on areas for improvement. In addition, even after improvements, we regularly monitor the operating conditions of departments and strive to make internal audits more effective.

・Three-way Audit

The Internal Audit Office conducts a three-way audit meeting once a quarter with the Auditors and Ernst & Young ShinNihon LLC., the Accounting Auditor, to share information and collaborate on the status of audit implementation.

Internal Reporting System

The Group believes that improvements concerning compliance violations are important for maintaining the Group's social credibility and ensuring its long-term survival. The Group has established an internal reporting system, the Compliance Consultation Line, to collect information on violations of laws and regulations, various types of harassment, and acts that violate or may violate the various rules and regulations established by the Company. This will improve corporate management by taking action based on facts.

The Compliance Consultation Line has four reporting channels, (internal, female-only, auditor, and external), allowing directors and employees to safely report concerns. Upon receipt of a report, we will thoroughly manage and maintain the confidentiality of the contents of the report and the informant, and provide sufficient protection and follow-up so that informants will not suffer disadvantages. Following an investigation, should it be confirmed that a compliance violation has occurred, the person in charge will take corrective measures (including guidance for the relevant individual) and preventive measures as needed.

Education and Training

To ensure thorough compliance, the Group places great importance on training for its directors and employees, and carries out continued training and e-learning programs. In harassment training, participants learn basic information about harassment, as well as communication techniques to prevent it. In training to prevent insider training, we prevent the violation of laws and regulations by emphasizing the importance and risks of information management as a listed company and thoroughly disseminating information about insider trading management regulations. Adding to these initiatives, we also regularly conduct e-learning programs on compliance for all directors and employees to promote the acquisition of knowledge and foster compliance awareness.

02.Risk Management

We have established a management system and are implementing appropriate measures against the various risks in corporate operations. Furthermore, we support stable business activities by constantly updating our systems and measures in line with changes in the business environment.

Information Security Initiatives

We provide various cloud services and understand that managing customer information on the cloud is a key management issue. Through the establishment of a management system, creation of rules and regulations, regular training for employees, and the acquisition of various certifications, we will establish solid information security that can put our customers' minds at ease.

Click here for our Security Policy

Information Security Certification

Information Security Management System (ISMS)

Information Security Management System (ISMS)
SMS Cloud Security
Personal Information Protection Measures in the Cloud

ISMAP

The Information System Security Management and Assessment Program (ISMAP) is a system that aims to ensure the security level of government cloud service procurement by evaluating and registering cloud services that meet government security requirements in advance, thereby contributing to the successful implementation of cloud services.
The Group was registered on March 29, 2022.

Click here for other certifications

Business Risks

Risk Classification Risk Item Description Response
Technological Innovation Support for technological innovations in the Information Communications industry
  • New technical support for generative AI
  • Decline in demand for SVF, the company's flagship product, due to the decrease in the use of forms in companies
  • Increase in R&D related to generative AI and the inclusion of functions that utilize generative AI in new products
  • Promotion of the shift from paper forms to electronic forms
Possibility of product defects (including bugs)
  • Bugs in product development and cloud services
  • Establishment of a specialized quality control department
  • Promotion of standardized development
Product development
  • Delays in product development and delays in product releases due to product quality failing to meet expectations
Market Competition
  • Decline in the competitiveness of the Group's products against competing products
  • Declining market share as a result of pricing strategies of competing products
  • Continuous research of competing products
  • Launch of new products and new functions ahead of other companies
Risks related to economic conditions
  • Deterioration in business performance due to changes in the external environment
  • Accumulation of recurring* business to build a profit structure that is resilient against changes
Sales Sales Practices
  • Decrease in the activities of partners related to the Group's business
  • Decrease in orders due to discrepancies with end-user needs
  • Planning of joint strategies and objectives with partners through dedicated departments
  • Understanding customer needs through the direct sales department
Information Security Handling of personal information
  • Leakage of personal information
  • Establishment of a personal information protection policy
  • ISMS, ISO27018 certification
  • Information security training for all employees
Provision of cloud services
  • Service outage due to external attacks and system failure of the IaaS vendor
  • Maintenance and operation of a Computer Security Incident Response Team (CSIRT) and regular training
  • Establishment of a dedicated organization (WINGSIRT)
  • Obtain ISMAP certification
Human Resources Securing and training human resources
  • Acquisition and training of talented individuals
  • Diversification of recruitment methods, including recruitment events, online recruitment, and referrals
  • Training of personnel using proactive efforts in the latest technology and skill-up programs
Intellectual Property Infringement of intellectual property rights and third-party rights
  • Protection of proprietary methods and technologies developed by the Group, as well as patents and other intellectual property rights developed or licensed by the Group
  • Registration of patents and trademarks
  • Conducting seminars on patents and trademarks
M&A M&A and capital and business alliance
  • Following a M&A and capital business alliance, failure to achieve the expected business plan due to the discovery of new risk factors or sudden changes in the business environment
  • Carrying out thorough due diligence that also employs external experts
  • Building strong relationships with target companies and conduct monitoring
Overseas Overseas expansion
  • Failure to achieve business plans due to legal regulations, exchange rate fluctuations, and risks specific to overseas countries
  • Quickly gathering and analyzing local information
  • Developing suitable measures to address issues
Finance Risks related to internal control pertaining to financial reporting
  • Significant deficiencies in internal control that would lead to a decline in the reliability of financial reporting
  • Self-evaluation of the effectiveness of internal controls using the internal control reporting system (J-SOX) and publishing them externally as internal control reports
  • Accounting audit by accounting auditor
  • Establishment, operation and improvement of internal control system
Impairment of goodwill and other intangible assets
  • Risk of impairment of goodwill and other intangible assets due to decline in the profitability of the Group
  • Generation of stable earnings and cash flow by accumulating recurring revenue
  • A business plan that balances offense and defense
Reliance on interest-bearing debt and financing
  • Risk of lump-sum repayment due to violation of financial covenants due to deterioration in business performance
  • Risks of rising interest rate
  • Generation of stable earnings and cash flow by accumulating recurring revenue
  • Improve economic conditions through refinancing
Others Dilution of stock value due to the exercise of stock acquisition rights
  • Dilution of stock value due to the exercise of stock acquisition rights by directors and employees
  • Appropriate management of the number of stock acquisition rights issued
Relationship with Itochu Corporation and Toshiba Digital Solutions Corporation
  • Ensuring the suitability of transaction conditions with major shareholders of companies that we have concluded capital and business alliances with, and independence in decision-making
  • Appoint multiple outside directors to reflect the opinion of shareholders, including minority shareholders, in the Board of Directors
  • Prevent transactions with conflicts of interest and establish appropriate procedures regarding transactions between related parties

*Contracts based on the continuous provision of services, such as maintenance, cloud, and subscription