Internal Control Basic Environmental Policy
Kissei Pharmaceutical Internal Control Basic Policy
Kissei Pharmaceutical Co., Ltd. (“we,” “our,” “the Company”) hereby declares that, based on our Corporate Philosophy of “Contribute to society through high-quality, well-evidenced pharmaceutical products/Serve society through our people,” our officers and employees do their utmost to enhance corporate value and achieve continuous development while fulfilling our social responsibilities. This basic policy sets forth our basic approach to activities for the development of our internal control system in accordance with the Companies Act.
1. System to Ensure That the Execution of Duties by Directors and Employees Complies with Laws and Regulations and the Articles of Incorporation
1) In accordance with the Kissei Code of Conduct, we ensure that corporate ethics and legal compliance are prerequisites for all our corporate activities. The Board of Directors has the head of the compliance promotion department supervise the promotion of compliance and establish a compliance committee as an advisory body for the Board of Directors. The head of the compliance promotion department serves as chair of the compliance committee.
2) The Board of Directors has the head of the legal department establish a reporting and consultation system in accordance with the Whistleblower Protection Act to enable directors, Audit & Supervisory Board members, and employees who have detected compliance-related issues to make reports. This is also to ensure that the Board can collect and secure information promptly and appropriately and take proper action. Further, the Board develops a system to ensure that material issues, including those with a particularly close connection to directors, are immediately reported to the Board of Directors and Audit & Supervisory Board members.
2. System for Retention and Management of Information on the Execution of Duties by Directors
1) The Board of Directors develops a system to appropriately retain and manage information on the execution of duties by our directors and division heads. It also has the head of the legal department administer the Document Management Regulations, by which it retains and manages necessary documents (including magnetic recordings and other storage media) together with related materials and other information in an appropriate and highly retrievable manner in accordance with the storage medium.
2) Documents prescribed in the Document Management Regulations will be made available for inspection without delay when a request is made by a director or Audit & Supervisory Board member.
3) When establishing or revising the Document Management Regulations, the opinions of the Audit & Supervisory Board will be sought in advance and approval obtained from the Board of Directors.
3. Regulations and Other Systems Concerning the Management of Risk of Loss
1) The Board of Directors establishes Risk Management Regulations and other necessary internal rules and develops systems for the identification and management of risks related to the execution of duties.
2) With the objectives of the appropriate identification, evaluation, and treatment of risks, we divide company risks and their management into three domains: individual risks to management plans, legal risks and their management, and other risk management, and have the relevant divisions supervise these three domains. In addition, we have a risk management committee whose members include heads of these three divisions as an advisory body for the Board of Directors. This committee regularly monitors the progress of the development of the risk management system and verifies the appropriateness of the company-wide system by examining specific individual cases. The chair of the risk management committee is appointed by the president.
3) Each department head, in accordance with the Risk Management Regulations, anticipates and isolates specific risks in advance and develops a system for rapid and appropriate communication and response in the event of an emergency. They also establish rules and guidelines, implement training programs, and prepare manuals. Further, when a new risk emerges, it is reported to the risk management committee in accordance with the regulations without delay, and appropriate actions are taken.
4. System to Ensure Efficient Execution of Duties by Directors
1) All our businesses that exceed a certain level must, at the planning and execution stages, be verified by the Board of Directors or by relevant directors, division heads, and other bodies based on a proper and adequate scientific basis, regularly or at appropriate times, and necessary amendments made.
2) To enhance the efficiency of the execution of duties by directors, we create internal organizations with the intention of cooperation and checks-and-balances and establish clear segregation of duties, job authorities, and decision-making procedures in accordance with internal regulations. This ensures that we have a system for directors to execute their duties appropriately and efficiently.
3) The Board of Directors develops company-wide plans to be shared by directors and employees. It also sets out reasonable and specific objectives to be implemented by each department on a semi-annual basis each fiscal year, as well as efficient methods for their achievement. The Board of Directors also increases the degree of certainty of achieving these objectives and establishes a system to improve the efficiency of company-wide operations by promoting improvements such as eliminating factors that impede efficiency.
5. System to Ensure the Appropriateness of Business Operations in the Corporate Group
1) Under the Kissei Group Code of Conduct, directors and employees of Group companies work together to engage in business in compliance with laws and regulations in accordance with the Code.
2) Our Board of Directors develops management regulations and other rules for affiliated companies. For certain matters, each Group company is obliged to seek approval from or report to our department responsible for managing affiliated companies prior to resolution by their own Board of Directors, and obtain prior approval from our Board of Directors when necessary. In addition, measures to improve efficiency are considered and implemented for each of our risk management domains.
3) We establish a reporting and consultation system for the entire Group and strive to collect and secure information on violations of laws and internal rules and other relevant matters. We also develop a compliance-focused management system for the entire Group in which each Group company is able to take appropriate measures in advance by demonstrating its own preventive functions.
4) Group companies engage in appropriate risk management according to their respective business types and risk characteristics. We will supervise the overall risk management of our Group companies and implement necessary measures such as advice and guidance.
5) To ensure effective execution of duties by directors and others at Group companies, we develop clear procedures regarding the Group companies’ segregation of duties, job authorities, and decision-making.
6. System to Ensure the Reliability of Disclosure of Financial and Non-Financial Information
1) We establish and appropriately implement a basic policy on the establishment and assessment of internal control over financial reporting, etc. to secure the reliability of disclosure of financial and non-financial information across the entire Group.
7. System for Employees Who Assist Audit & Supervisory Board Members with Their Duties and Matters Related to the Independence of Such Employees
1) If Audit & Supervisory Board members need assistance for their duties, they may use an employee of the internal audit department as an assistant after first promptly consulting with the president.
2) If an employee receives orders from the Audit & Supervisory Board members that are necessary for audit work, as far as such orders from the Audit & Supervisory Board members are concerned, the employee will not accept instructions or orders from directors or the head of the internal audit department.
3) Personnel changes, personnel evaluations, and disciplinary actions of employees appointed as assistants require prior approval from the Audit & Supervisory Board.
8. System for the Company’s Directors and Employees and the Directors, Corporate Auditors, and Employees of Group Companies to Report to the Audit & Supervisory Board or Its Members, and Other Systems to Ensure the Effectiveness of Audits by Audit & Supervisory Board Members
1) The Boards of Directors of the Company and the Group companies consult the Audit & Supervisory Board members to decide on the matters to be reported to the Audit & Supervisory Board. Such reports are made by directors or division heads of the Company, or directors or others of the Group companies.
2) We provide the Audit & Supervisory Board opportunities to exchange opinions with our representative directors on a regular basis. We also offer them opportunities to interview directors and employees at their request.
3) We guarantee the Audit & Supervisory Board opportunities to independently utilize lawyers and certified public accountants to receive advice on auditing.
4) We prohibit unfavorable treatment of directors and employees of the Company and the Group companies who have reported to the Audit & Supervisory Board or its members for the reason that they have made such reports.
5) Expenses or reimbursements arising from the execution of duties by Audit & Supervisory Board members are immediately processed at their request.
9. System for Eliminating Antisocial Forces and Corruption
1) In accordance with the Kissei Code of Conduct, we develop an internal system to eliminate any and all associations with antisocial forces and organizations.
2) We strive to foster a corporate culture of sincerity and integrity in accordance with the Basic Policy on the Prohibition of Corrupt Practices. We abide by laws, regulations, and social norms and eliminate any corruption, including bribery, from our business activities grounded in fair trade and healthy competition.
Kissei Pharmaceutical Internal Control Basic Policy【PDF/120kb】
Basic Policy on Establishment and Assessment of Internal Controls over Financial Reporting, etc.
Chapter 1. Basic Policy on Establishment and Assessment of Internal Control over Financial Reporting
1. Basic policy
Positioning compliance with the Internal Control Reporting System as part of efforts to strengthen the Kissei Group’s corporate foundation, Kissei Pharmaceutical Co., Ltd. (“we,” “our,” “the Company”) establishes and assesses internal controls over financial reporting as required under the Financial Instruments and Exchange Act (“internal controls”).
2. Objective
To ensure the confidence of investors, we stipulate the basic matters for the establishment and assessment of internal controls under the Internal Control Reporting System pursuant to the provisions of Article 24-4-4 of the Financial Instruments and Exchange Act and ensure the reliability of the Company’s financial reporting.
3. Basic plan and policy for establishment
Based on the Kissei Pharmaceutical Internal Control Basic Policy, the chairman establishes basic plans and policies for conducting internal control at both the company level and business process level.
4. Principles applied to ensure proper financial reporting
The standards for establishing and assessing appropriate internal controls are based on the Standards for Management Assessment and Audit Concerning Internal Controls Over Financial Reporting and the Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Business Accounting Council, April 7, 2023).
5. Scope of internal control to be established to ensure proper financial reporting
The scope for the establishment of internal controls fundamentally covers all locations and business units, while conforming to the scope of assessment required by the reporting system. In addition, the scope of establishment is not comprehensively inclusive, but is determined based on the criteria for judging materiality.
6. Level of internal control to be established to ensure proper financial reporting
Internal control is established to a level at which financial reporting can be said to be conducted properly in all material respects, in accordance with generally accepted standards for assessment of internal control.
7. Responsible officer for the establishment and assessment of internal control
The chairman, who is responsible for submitting Internal Control Reports, is also responsible for the establishment and assessment of internal control. As the responsible officer for internal control, the chairman promptly reports to the Audit & Supervisory Board and the accounting auditor any material weaknesses in financial reporting, as well as any misconduct by individuals who play an important role in internal controls and any material changes to internal controls.
8. System for establishing and assessing internal control
(1) System for establishment of internal controls
The Corporate Finance and Management Department supervises and promotes the establishment of the internal control reporting system. The department manager of the Corporate Finance and Management Department is responsible for the establishment of internal controls. Managers of each department in charge of business processes (“process owners”) and managers of relevant departments are responsible for establishing internal controls as part of the operations of their respective departments. Internal control extends to the Group as a whole, and the Corporate Strategy and Planning Department acts as a liaison between the Company and Group companies.
(2) Internal control assessment system
The Auditing Department assesses the design and operation status of internal controls under the Internal Control Reporting System. The chairman appoints the department manager of the Auditing Department as the responsible officer for practical operations in the assessment of internal controls. The department manager of the Auditing Department may request the support of personnel from relevant departments if deemed necessary for the purpose of assessment. The assessment of internal control extends to the Group as a whole; therefore the Auditing Department of the parent company (Kissei Pharmaceutical) also assesses significant controls at subsidiaries.
9. Education and training for the establishment and assessment of internal control
Since the establishment and assessment of internal control require a considerable amount of specialized knowledge, education and training are provided to enhance understanding of the system as appropriate. Education and training are provided to the following people as appropriate.
(1) Top management, directors, Audit & Supervisory Board members, and division heads (including those of consolidated subsidiaries)
(2) Process owners, assigned personnel, and employees (including those of consolidated subsidiaries)
Chapter 2. Policy for Establishing Internal Control over Financial Reporting
I. Identification and Assessment of Risks
A system is established to ensure the reliability of financial reporting by accurately identifying and addressing risks that may have a material impact on financial reporting. Risks are assessed at the beginning of each period and an evaluation made as to whether or not the situation has changed by the end of the period. The identification of risks is documented by entering the necessary items in the Risk Catalog Assessment Sheet.
1. Definition of risks to be identified
Factors that impair the reliability of financial reporting, i.e., risk of misstatements, are identified as risks. There are various types of risks, including the following external and internal factors, but risks in this context are limited to those that would have a negative effect on the organization and, more specifically, those that would affect financial reporting. Risk of fraud is also included in the scope of risk assessment.
External factors: natural disasters, theft, intensification of market competition, fluctuations in foreign exchange or resources markets, etc.
Internal factors: information system errors and defects, occurrence of accounting errors, fraud, leaks of personal information and information relevant to high-level management decisions, etc.
2. Risk treatment
As it is not realistically possible to treat all risks, only those that may have a material impact on financial reporting are treated.
3. Risk identification and classification methods
The Corporate Finance and Management Department prepares a Risk Catalog Assessment Sheet, which details potential risks and identifies the likelihood of their occurrence, degree of impact, and materiality. In addition, risks are classified as follows using the Risk Catalog Assessment Sheet.
| Company-level | Risks that would affect overall financial reporting |
|---|---|
| Business process-level | Risks that would affect individual financial reporting items |
4. Risk assessment methods
(1) Criteria for determining the likelihood of occurrence
The likelihood of occurrence is assessed on a three-point scale.
| 1 | (Low) Small likelihood: Rarely occurs; May occur once a year |
|---|---|
| 2 | (Medium) Medium likelihood: May occur occasionally; May occur about once every six months |
| 3 | (High) Major likelihood: May occur frequently; May occur once a month |
(2) Criteria for determining degree of impact
The degree of impact is assessed on a three-point scale.
| 1 | (Low) Small impact: Little quantitative impact on financial reporting |
|---|---|
| 2 | (Medium) Medium impact: Some quantitative impact on financial reporting |
| 3 | (High) Major impact: Serious quantitative impact on financial reporting |
(3) Criteria for determining materiality of risks
Materiality is calculated in consideration of the likelihood of occurrence and degree of impact described above.
| Degree of impact | Likelihood of occurrence | ||
|---|---|---|---|
| 1 | 2 | 3 | |
| 1 | Small | Small | Medium |
| 2 | Small | Medium | Major |
| 3 | Medium | Major | Major |
(a) Business processes that address major and medium risks are subject to assessment.
(b) Small risks are excluded from assessment upon clear indication of the reasons for their exclusion.
(4) Report on assessment results
Risks that have been identified, classified, and assessed are reported to the chairman and the Risk Management Committee without delay.
II. Establishment of Company-Level Controls
Company-level controls are established to ensure the appropriate treatment of company-level risks among the misstatement risks related to financial reporting. Once the financial figures for the previous fiscal year’s end are finalized, the scopes of documentation and assessment will be determined from the perspective of their degree of quantitative and qualitative impact in light of the projected figures for the current fiscal year. In addition, in order to treat risks at the business process level, a system for appropriate support by the company-level controls is established to ensure that process-level internal controls function appropriately.
1. Documentation of company-level controls
After confirming that all necessary assessment items are listed on the Company-Level Internal Control Sheet, the department in charge evaluates the design status by answering the assessment items. Internal control systems and other systems are to be established for areas with poor design status. The Corporate Finance and Management Department evaluates the design status by asking questions of process owners associated with assessment items and managers of relevant departments and by reviewing detailed documents.
2. Assessment items for design status of company-level controls
The assessment items on the Company-Level Internal Control Sheet are determined with reference to the 42 assessment items listed in the Practice Standards. They are reviewed at appropriate times, such as in the event of organizational restructuring.
3. Documentation tools for design status of company-level controls
The Company-Level Internal Control Sheet is utilized. The parent company (Kissei Pharmaceutical) documents all items on the sheet, and the consolidated subsidiaries document their internal control using sheets they draw up by selecting appropriate assessment items.
4. Definition of locations or business units for company-level controls
Locations or business units are units for the establishment and assessment of internal controls, which are selected in consideration of the parent company (Kissei Pharmaceutical), consolidated subsidiaries, businesses, and other factors.
5. Selection of locations or business units required to document company-level controls
Basically, all locations and business units are subject to documentation. However, locations and business units that do not have a material quantitative or qualitative impact on financial reporting are excluded from the scope of assessment. In addition, in cases where significant deficiencies or other issues are identified at locations or business units not subject to assessment, these locations or business units will be included in the assessment for the fiscal year in which the issues occurred. A quantitative impact is judged as not material when either of the following criteria applies:
| 1 | In consolidated financial statements, a location or business unit whose pre-tax profit after consolidation elimination is not included in the top 95% of the total cumulative pre-tax profit when locations and business units are ranked in descending order of amount and their pre-tax profits are combined |
|---|---|
| 2 | In consolidated financial statements, a location or business unit whose net sales after consolidation are not included in the top 95% of the total cumulative net sales when locations and business units are ranked in descending order of amount and their net sales are combined |
The materiality of quantitative impact is determined based on absolute values rather than simple figures, including negative figures.
III. Establishment of Internal Controls over Financial Closing and Reporting Process
Internal controls to mitigate material misstatement risk in the financial closing and reporting process are established. The scopes of documentation and assessment are determined in accordance with company-level controls. The financial closing and reporting process includes items to be assessed from a company-wide perspective and those to be assessed as individual business processes. Items to be assessed from a company-wide perspective are determined in conformity with company-level controls, and items to be assessed as individual business processes are determined in conformity with the establishment of process-level controls.
1. Documentation of internal controls over financial closing and reporting process
The department in charge first confirms that all necessary assessment items are listed on the Company-Level Assessment Sheet, then self-inspects the design status by answering the assessment items. Internal control systems and other systems are to be established for areas with poor design status. The Corporate Finance and Management Department evaluates the design status by asking questions of process owners and managers of relevant departments associated with assessment items and by reviewing detailed documents.
2. Assessment items for design status of internal controls over financial closing and reporting process
The assessment items are determined as follows.
For matters to be assessed from a company-wide perspective: items specified in the Company-Level Assessment Sheet. For matters to be assessed as individual business processes: items selected after examining the materiality of the matters using the Assessment Item Identification List.
These items are reviewed, in cooperation with the department in charge, at appropriate times, such as in the event of organizational restructuring.
3. Documentation tools for design status of internal control over financial closing and reporting process
The Company-Level Assessment Sheet is used. The parent company (Kissei Pharmaceutical) documents all items on the sheet, and the consolidated subsidiaries document their internal control using sheets they draw up by selecting appropriate assessment items.
4. Selection of locations or business units required to document internal controls over financial closing and reporting process
The locations or business units subject to documentation are those selected for company-level controls.
IV. Establishment of Internal Control over Business Processes
Internal controls to mitigate material misstatement risk in financial reporting are established. Once the financial figures for the previous fiscal year’s end are finalized, the scope of documentation and assessment is determined from the perspectives of quantitative impact, the likelihood of risk occurrence, and qualitative impact based on the projected figures for the current fiscal year. Basically, the current design status of internal controls is evaluated, and for items for which controls to address risks have not been established, the Corporate Finance and Management Department, process owners, and assigned personnel discuss the controls to be designed and establish internal controls to an effective standard.
1. Documentation of internal control over business processes
The department in charge prepares a Process Flowchart, Process Narrative, Risk Control Matrix (RCM), and Segregation of Duties Matrix for each major business process. Further, the department also identifies the status of controls to address risks for each operation, before examining and documenting the adequacy of misstatement risk mitigation in the RCM (Design Status Assessment Sheet). In documenting process flows, the department in charge refers to the Process Flow Description Standards. The Segregation of Duties Matrix clarifies the approval route for operations. Procedures to follow and other information for when the approver is absent are described in the marginal notes, as necessary, for each business process.
2. Assessment items for design of internal control over business processes
The department in charge links the misstatement risks clarified in the Process Flowchart, Process Narrative, Risk Control Matrix (RCM), and Segregation of Duties Matrix with control objectives and assertions (control requirements) in the Risk Control Matrix to ensure that the adequacy of risk mitigation can be assessed. The department examines and selects assessment items for each business process based on a consideration of the materiality of risks.
3. Documentation tools for design status of process-level controls
The Operation Flowchart, Operation Description, RCM (Design Status Assessment Sheet), and Duty Segregation Table are used as documentation tools. Consolidated subsidiaries prepare documentation tools as appropriate with reference to the parent company’s documentation tools.
4. Documentation system for process-level controls
Process owners and individuals in charge prepare the Process Flowchart, Process Narrative, Risk Control Matrix (RCM), and Segregation of Duties Matrix. The Corporate Finance and Management Department evaluates the current status of the design of process-level controls using the RCM (Design Status Assessment Sheet). If there are any deficiencies, the relevant process owners and assigned personnel for individual business processes will take responsibility for their remediation, after which the Corporate Finance and Management Department will evaluate the design status once more. Assigned personnel in the Systems Planning Department and assigned personnel at the contractor, KISSEI COMTEC Co., Ltd., participate in IT application controls for each system to ensure that there are no omissions in automated controls.
5. Definition of business processes and sub-processes with respect to process-level controls
A business process is a series of corporate activities from the development of a product or service to purchasing, production, sale, and distribution. It also includes activities related to compliance with laws and regulations and the recording of accounting and financial reporting information. A sub-process is one activity in a business process that has been subdivided into individual activities.
6. Selection of locations or business units required to document process-level controls
The Company’s chairman selects the locations or business units required to document process-level controls based on the assessment policies set forth below.
(1) Selecting significant locations or business units
| 1 | Significant locations or business units are determined based on consolidated net sales. |
|---|---|
| 2 | After the net sales after consolidation elimination of locations and business units are listed in descending order and combined, those that are included in the top two-thirds of the total are selected as significant. |
| 3 | In addition to the locations and business units with significant quantitative impact as described above, significant locations or business units are determined, as necessary, in consideration of their qualitative impact. |
(2) Criteria for determining significant locations or business units based on the degree of effectiveness of company-level controls and determination of validity of the two-thirds criterion
If there is a problem with the effectiveness of company-level controls, the basic requirement is to bring them to an effective level through remedial measures. However, if there is a deficiency that is difficult to remedy, the impact on process-level controls will be examined, and the appropriateness of the criteria for selecting significant locations or business units and the validity of the two-thirds criterion (whether to expand scope) will be determined.
7. Selection of business processes subject to process-level controls
(1) In principle, business processes subject to documentation of process-level controls are selected as follows.
Selection of business processes that impact accounts closely associated with the company’s business objectives
Accounts that are closely associated with our business objectives are net sales, accounts receivable - trade, and inventories. However, if other accounts that are closely associated with our business objectives are determined to have a significant impact, their addition to the selection will be considered, as necessary. The business processes related to each account are as follows:
| 1 | Net sales: Sales process |
|---|---|
| 2 | Accounts receivable - trade: Sales process |
| 3 | Inventories: Purchasing process, costing process, inventory control process |
(2) Scope of sales process, purchasing process, costing process, and inventory control process Sub-processes of each business process are as follows.
| 1 | Sales process: Receipt of orders, shipment, invoicing, collections, credit management, discounts, rebates, returns, master data management |
|---|---|
| 2 | Purchasing process: Order placement, acceptance inspection, returns, master data management |
| 3 | Costing process: Standard cost setting, cost accounting, cost variance adjustment |
| 4 | Inventory control process: Disposal, write-down, physical stocktaking |
(3) Determination for exclusion from scope of assessment of those business processes that have no material impact on financial reporting from among business processes that impact accounts closely associated with the company’s business objectives
In cases where the Company operates multiple businesses at significant locations or business units, business processes that are not closely associated with important businesses or operations and that have no material impact on financial reporting are excluded from the scope of assessment.
(4) Identification of material misstatement risk and selection of business processes for addition to scope of assessment
Business processes identified as being of high risk in the Risk Catalog Assessment Sheet are added to the scope of assessment.
8. Confirmation of design status of internal control over outsourced processes
Contractors are evaluated on whether they have established internal controls that enable mitigation of material misstatement risk in financial reporting. If it is possible to use reports of assessments that the contractor has undergone separately, these will be reviewed. Otherwise, other measures are considered, such as performing evaluation directly through sampling.
V. Establishment of IT General Controls
Internal controls to mitigate material misstatement risk in financial reporting are established. Basically, an effective level of internal control is established by evaluating the current design and operation of internal controls. Once the scope of assessment of business processes has been decided, the scope of documentation and assessment of associated systems will be decided. With respect to documentation, since this is an area that requires specialized knowledge, advice is obtained from outside experts, as necessary.
1. Documentation of IT general controls
(1) IT systems are divided into groups according to control activities in each evaluation domain and document IT general controls for each group.
(2) To obtain an overview of the system, a System Overview Worksheet containing a list of application systems, computer environment, and other details is prepared.
(3) A Risk Control Matrix for IT general controls is prepared to identify risks in IT general controls and their mitigation status.
2. Assessment items for design status of IT general controls
Assessment items for IT general controls are decided with reference to the key points of control and control activities described in the Risk Control Matrix for IT general controls. Assessment items are reviewed, in cooperation with the department in charge, at appropriate times, such as when changes are made to the Risk Control Matrix for IT general controls.
3. Documentation tools for design status of IT general controls
The Risk Control Matrix for IT general controls is used.
4. Documentation areas for design status of IT general controls
IT general controls are documented in each of the following assessment domains:
(a) Management of system development
(b) Management of system changes
(c) Management of system operation
(d) Access management
5. Identification of documentation units for IT general controls
In the business processes selected for inclusion in the scope of documentation, if an IT system is used to automate operational processing, the status of that system’s assessment domains will be ascertained and the units for documentation of IT general controls will be identified based on an overview of that status.
Chapter 3. Assessment Policy for Internal Controls over Financial Reporting
I. Development of Assessment Plan
Once the financial figures for the previous year’s end are finalized, the Corporate Finance and Management Department will reexamine the locations or business units and business processes subject to assessment and determines the scope of assessment for the current fiscal year. Based on this reexamination, the Auditing Department develops an annual schedule for the system, timing, and other details of assessment.
II. Assessment of Risks and Risk Treatment System
1. Risk treatment policy
As it is not realistically possible to treat all risks, only those that may have a material impact on financial reporting are treated. Sufficient attention should be paid to the fact that the risks to be treated may change according to changes in the business environment.
2. Risk assessment methods
At the beginning of each fiscal year, the Corporate Finance and Management Department interviews departments in charge to determine whether the risks identified in the previous fiscal year in the Risk Catalog Assessment Sheet are sufficient. The Corporate Finance and Management Department then assesses risks by evaluating aspects including whether there have been any changes in the circumstances described in the Risk Catalog Assessment Sheet, taking into account factors such as the likelihood of occurrence, degree of impact, and impact on financial reporting. It also checks for changes in the circumstances since the beginning of the fiscal year as appropriate.
III. Assessment of Company-Level Controls
1. Assessment method of company-level controls
After confirming that all necessary assessment items are listed on the Company-Level Internal Control Sheet, the design and operation status is assessed by asking questions of process owners and managers of relevant departments and inspecting documentary evidence as necessary.
2. Assessment items for company-level controls
The Corporate Finance and Management Department determines the assessment items of the Company-Level Internal Control Sheet, referring to the 42 assessment items described in the Practice Standards, and review them at appropriate times, such as in the event of organizational restructuring. Among the assessment items for company-level controls (excluding items that have a particularly material impact on the reliability of financial reporting), for those indicated as effective in the previous year’s assessment results and whose design status has not significantly changed from the previous fiscal year, the operation status assessment results for the previous fiscal year may continue to be used by making a record to that effect.
3. Assessment tool for company-level controls
The Company-Level Internal Control Sheet is utilized. The parent company (Kissei Pharmaceutical) is assessed on all items on the sheet. Consolidated subsidiaries are assessed using sheets for consolidated subsidiaries containing appropriately selected assessment items.
4. Selection of locations or business units subject to assessment of company-level controls
Basically, all locations and business units are subject to assessment. However, if they have no material quantitative and qualitative impact on financial reporting, they will be excluded from the scope of assessment. In addition, in cases where significant deficiencies or other issues are identified at locations or business units not subject to assessment, these locations or business units will be included in the assessment for the fiscal year in which the issues occurred. A quantitative impact is judged as not material when either of the following criteria applies:
| 1 | In consolidated financial statements, a location or business unit whose pre-tax profit after consolidation elimination is not included in the top 95% of the total cumulative pre-tax profit when locations and business units are ranked in descending order of amount and their pre-tax profits are combined |
|---|---|
| 2 | In consolidated financial statements, a location or business unit whose net sales after consolidation are not included in the top 95% of the total cumulative net sales when locations and business units are ranked in descending order of amount and their net sales are combined |
The materiality of quantitative impact is determined based on absolute values rather than simple figures, including negative figures.
5. Consultation with the accounting auditor
Once the locations or business units to be excluded from the assessment have been selected, the Corporate Finance and Management Department and the Auditing Department will consult with the accounting auditor on the appropriateness of those selections.
6. Judgment of effectiveness of company-level controls
Effectiveness is judged by confirming that the company-level controls satisfy the following conditions in order to mitigate the risk of misstatements in financial reporting.
(1) Company-level controls have been established in accordance with the generally accepted framework for internal control.
(2) Company-level controls support the effectiveness of process-level controls and are appropriate components of the Company’s overall internal control framework.
IV. Assessment of Internal Controls Over Financial Closing and Reporting Process
1. Assessment method of internal controls over financial closing and reporting process
(1) For financial closing and reporting processes to be assessed from a company-wide perspective, the status of design and operation is assessed using the Company-Level Assessment Sheet by asking questions of process owners and managers of relevant departments and inspecting documentary evidence, as necessary.
(2) Financial closing and reporting processes to be assessed as individual business processes are assessed in accordance with the assessment method of process-level controls.
2. Assessment items for internal controls over financial closing and reporting process
(1) For financial closing and reporting processes to be assessed from a company-wide perspective, assessment items in the Company-Level Assessment Sheet are used, and the Corporate Finance and Management Department reviews the assessment items, as necessary.
(2) For financial closing and reporting processes to be assessed as individual business processes, the Assessment Item Identification List is used to determine materiality, and the assessment items are selected by the Corporate Finance and Management Department.
3. Assessment tool for internal controls over financial closing and reporting process
(1) For financial closing and reporting processes to be assessed from a company-wide perspective, the Company-Level Assessment Sheet is used.
(2) Financial closing and reporting processes to be assessed as individual business processes are assessed in accordance with the assessment method of process-level controls is used.
4. Selection of locations or business units subject to assessment of internal controls over financial closing and reporting process
The locations or business units subject to documentation are those selected for company-level controls.
5. Selection of disclosure information, etc. that may have a material impact on reliability of financial statements
From among disclosure information, etc. other than financial statements in annual securities reports and other documents, the Corporate Finance and Management Department selects disclosure information, etc. that may have a material impact on the reliability of financial statements, taking their quantitative and qualitative materiality into consideration, based on the following:
(1) Information derived from data presented in financial statements and others
(a) “Key Financial Data” under “Overview of Company”
(b) “Business Risks,” “Research and Development Activities,” and “Management Analysis of Financial Position, Operating Results and Cash Flows” under “Overview of Business”
(c) “Information About Facilities”
(d) “Company’s Shares, Etc.,” “Acquisition and Disposal of Treasury Shares,” “Dividend Policy,” and “Corporate Governance” under “Information About Reporting Company”
(e) “Components of major assets and liabilities” and “Other Information” under “Financial Information”
(f) “Corporate Bonds Under Guarantee” and “Information About Reference Indices” under “Information About Reporting Company’s Guarantor, Etc.”
(2) Items closely related to decisions involved in preparing financial statements
(a) “Description of Business” and “Subsidiaries and Other Affiliated Entities” in “Overview of Company”
(b) Details of affiliated entities, related parties, major shareholders, etc. described in “Major Shareholders” under “Information About Reporting Company”
6. Consultation with the accounting auditor
The accounting auditor is consulted once the scope of items to be assessed from a company-wide perspective, the method of assessment, and other relevant matters are determined.
7. Determination of the effectiveness of the design and operation of internal controls over financial closing and reporting process by assessment item
(1) For financial closing and reporting processes to be assessed from a company-wide perspective, attention is paid to the following points:
(a) Controls are designed and operated in accordance with the generally accepted framework for internal control.
(b) The controls support the effective design and operation of individual process-level controls and are appropriate components of the overall financial closing and reporting process.
(2) For financial closing and reporting processes to be assessed as individual business processes, the judgment of effectiveness of the design and operation status of internal controls over business processes for each assessment item applies.
V. Assessment of Process-Level Controls
1. Assessment method of process-level controls
Assessment method of process-level controls is in accordance with the assessment of the design status and operation status described below. With respect to IT application controls, assigned personnel in the System Planning Department and at the contractor, KISSEI COMTEC Co., Ltd., participate for each system and evaluate whether there are any problems in the assessment of automated controls, as necessary, taking changes in the IT environment into account.
(1) Assessment of design of process-level controls Assessment method of design effectiveness
(a) Evaluate whether the Process Flowchart, Process Narrative, and Segregation of Duties Matrix are consistent with the actual situation by asking questions of process owners and assigned personnel, observing operations, and inspecting documentary evidence.
(d) Review the Risk Control Matrix to evaluate the risks in the relevant operations and the existence and adequacy of controls to mitigate those risks.
(c) Describe the results of assessment concerning control track records and the adequacy of controls in the RCM (Design Status Assessment Sheet).
(d) In principle, the design status of internal controls must be assessed on an annual basis. However, if assessment results indicate that company-level controls are effective, the design status assessment results for the previous fiscal year may continue to be used for the following process-level controls by making a record to that effect: among the relevant process-level internal controls (excluding those that have a particularly material impact on the reliability of financial reporting), those indicated as effective in the previous year’s assessment results and whose design status has not significantly changed from the previous fiscal year.
(2) Assessment of operation of process-level controls Assessment method of operating effectiveness
(a) The operation status is evaluated by asking questions of process owners and assigned personnel, inspecting documentary evidence, re-executing, and other means, and the assessment results are described in the RCM (Operation Status Assessment Sheet). Sampling for operation assessment are conducted as follows.
(b) Sample size and sampling method
i. Sample size is determined according to the effectiveness of company-level controls.
Samples are selected at random.
ⅱ. Decision on whether to use the assessment results of past years in IT application controls
Among the systems to be assessed, if the assessment results of the previous fiscal year show them to be effective and the related IT general controls are being operated effectively in the current fiscal year with no changes made to the system, the operation status assessment results for the previous fiscal year may continue to be used. However, it is necessary to prove that no changes have been made to the system. In addition, if there has been a change in the IT environment related to the item, an assessment will be conducted, as necessary.
(c) In principle, the operation status of internal controls must be assessed on an annual basis. However, if assessment results indicate that company-level controls are effective, the operation status assessment results for the previous fiscal year may continue to be used for the following process-level controls by making a record to that effect: among the relevant process-level internal controls (excluding those that have a particularly material impact on the reliability of financial reporting), those indicated as effective in the previous year’s assessment results and whose design status has not significantly changed from the previous fiscal year.
2. Assessment items for process-level controls
In consideration of the materiality of risks for each business process, controls that should be assessed are designated as assessment items and the designation is reviewed, as necessary.
3. Assessment tools for process-level controls
The Process Flowchart, Process Narrative, Risk Control Matrix (RCM; Design Status Assessment Sheet and Operation Status Assessment Sheet), and Segregation of Duties Matrix are used as assessment tools.
4. Selection of locations or business units subject to assessment of process-level controls
(1) Selecting significant locations or business units
| 1 | Significant locations or business units are determined based on consolidated net sales. |
|---|---|
| 2 | After the net sales after consolidation elimination of locations and business units are listed in descending order and combined, those that are included in the top two-thirds of the total are selected as significant. |
| 3 | In addition to the locations and business units with significant quantitative impact as described above, significant locations or business units are determined, as necessary, in consideration of their qualitative impact. |
(2) Decision on the appropriateness of selection of locations or business units (whether to expand scope) and policies and selection methods when expanding the scope of assessment
| 1 | If there is a problem with the effectiveness of company-level controls, the impact on process-level controls is considered. |
|---|---|
| 2 | When assessing the operation of company-level controls, if there is a problem with the effectiveness of control over an individual location or business unit, the addition of that location or business unit to the scope of assessment is considered. |
| 3 | If there is a problem with the effectiveness of locations or business units already subject to assessment, measures such as increasing the sample size are considered. |
| 4 | Remedial measures are taken in the event of deficiencies in design status or deficiencies affecting the overall assessment. (Measures such as expanding the scope of business process assessment are not taken.) |
5. Selection of business processes subject to process-level controls
(1) Determination for exclusion from scope of assessment of those business processes that have no material impact on financial reporting from among business processes that impact accounts closely associated with the company’s business objectives
In cases where we operate multiple businesses at significant locations or business units, we exclude from the scope of assessment business processes that are not closely associated with important businesses or operations and that have no material impact on financial reporting.
(2) Identification of material misstatement risk and selection of business processes for addition to scope of assessment
The Corporate Finance and Management Department adds business processes identified as being of high risk in the Risk Catalog Assessment Sheet to the scope of assessment.
6. Consultation with the accounting auditor
Once the significant locations or business units and business processes to be assessed have been selected, the Corporate Finance and Management Department and the Auditing Department will consult with the accounting auditor on the appropriateness of those selections.
7. Determination of the effectiveness of the design and operation of process-level controls by individual assessment item
(1) Determining design effectiveness
Attention is paid to the following points:
(a) whether internal control is being conducted effectively to prevent or detect any fraud or error in a timely manner;
(b) whether duties are segregated in an appropriate manner;
(c) whether assigned personnel possess the knowledge and experience necessary to conduct internal control;
(d) whether information concerning internal control is appropriately communicated, analyzed, and used; and
(e) whether any measures are in place to address fraud or error identified by internal control in a timely manner.
(2) Determining operating effectiveness
The assessment method described in the assessment method of process-level controls are used.
8. Assessment of outsourced processes
(1) Identification of outsourced processes in the selected business processes
Outsourced processes in the selected business processes are subject to assessment.
(2) Determination of the impact on financial reporting (determining materiality)
If significant controls are dependent on the internal controls of a contractor, the impact on financial reporting is judged to be material. If the Group’s process-level controls are serving to mitigate material misstatement risk, the impact of the contractor’s controls on financial reporting will be judged as not material.
(3) Method of assessment of internal controls over outsourced processes determined to have a material impact on financial reporting
Contractors are evaluated on whether they have established internal controls that enable mitigation of material misstatement risk in financial reporting. If it is possible to use reports of assessments that the contractor has undergone separately, these will be reviewed. Otherwise, other measures are considered, such as performing evaluation directly ourselves through sampling. Attention is paid to the following points when using these reports:
(a) the scope of assessment in the report includes processes contracted by Kissei Pharmaceutical; and
(b) the assessment procedures in the report are deemed to be appropriate.
VI. Assessment of IT General Controls
1. Assessment method of IT general controls
(1) IT systems are divided into groups according to control activities in each evaluation domain and IT general controls are assessed for each group.
(2) After evaluating the Risk Control Matrix, the design and operation status will be assessed by asking questions of process owners and managers of relevant departments and inspecting documentary evidence, as necessary.
(3) Among the IT general controls (excluding those that have a particularly material impact on the reliability of financial reporting), for those indicated as effective in the previous year’s assessment results and whose design status has not significantly changed from the previous fiscal year, the operation status assessment results for the previous fiscal year may continue to be used by making a record to that effect. However, if there has been a change in the IT environment related to the item, an assessment will be conducted, as necessary.
2. Assessment items for IT general controls
The assessment items of the Risk Control Matrix are used.
3. Assessment tool for IT general controls
The Risk Control Matrix is used as the assessment tool.
4. Assessment of assessment units for IT general controls
In the business processes selected in the scope of assessment, if an IT system is used to automate operational processing, the status of the system’s assessment domains and the units of assessment of IT general controls are identified based on an overview of that status.
5. Consultation with the accounting auditor
Once the assessment units of IT general controls to be assessed have been determined, the Corporate Finance and Management Department and the Auditing Department will consult with the accounting auditor on the appropriateness of those determinations.
6. Determination of the effectiveness of IT general controls over assessment of IT application controls
If the design and operation status of IT general controls is effective, the sample size for assessing implementation of the IT application controls will be the minimum of one sample.
VII. Examination of Deficiencies
1. Estimation and aggregation of quantitative impact of deficiencies
Separate Deficiency Lists are prepared for company-level controls, internal controls over financial closing and reporting process, process-level controls, and IT general controls. If the deficiencies are not remediated, the quantitative impact of deficiencies will be estimated and aggregated.
(1) Company-level controls
(a) If there are deficiencies in internal controls, the details of the deficiencies will be described in the Company-Level Internal Controls Sheet and a Deficiency List prepared.
(b) If, as a result of assessing the deficiencies found for each basic element, it is determined that the basic element is not effective, its impact on other basic elements will be considered.
(c) If there are deficiencies resulting in insufficient support of business processes, and these deficiencies have an impact on business processes, the details and materiality of that impact will be identified.
(2) Internal controls over financial closing and reporting process
(a) If there are deficiencies in internal controls, the details of the deficiencies are described in the Company-Level Assessment Sheet and a Deficiency List prepared.
(b) If there are deficiencies in the financial closing and reporting process as an individual business process, the process-level controls will be applied.
(3) Process-level controls
(a) If there are deficiencies in internal controls, the details of the deficiencies are described in the RCM (Design Status Assessment Sheet, Operation Status Assessment Sheet) and a Deficiency List prepared.
(4) Internal controls over IT general controls
(a) If there are deficiencies in internal controls, the details of the deficiencies are described in the RCM (Design Status Assessment Sheet, Operation Status Assessment Sheet) and a Deficiency List prepared.
2. Material weaknesses
A material weakness is a deficiency in internal control that is likely to have a material impact on financial reporting.
(1) Material weaknesses in company-level controls
Among deficiencies in company-level controls, material weaknesses are as follows. In addition, both the quantitative and qualitative impacts of the material weaknesses are examined and determined.
(a) Management is not conducting risk assessments associated with the reliability of financial reporting, nor is it treating such risks.
(b) Either the Board of Directors or Audit & Supervisory Board is not supervising, monitoring, or examining the design and operation of internal controls for the assurance of reliability of financial reporting.
(c) The department responsible for assessing the effectiveness of internal control is not clear.
(d) Deficiencies existing in internal controls over IT relating to financial reporting are being left uncorrected.
(e) Either the Board of Directors or Audit & Supervisory Board is unable to supervise, monitor, or examine the effectiveness of internal control due to the lack of records on the design of internal controls, such as records of process flow, identification of misstatement risks and internal controls over risks.
(f) Deficiencies in company-level controls reported to management, the Board of Directors, or Audit & Supervisory Board are not being corrected within a reasonable period of time.
(2) Material weaknesses in internal controls over the financial closing and reporting process
Among deficiencies in the financial closing and reporting process to be assessed from a company-wide perspective, material weaknesses are as follows. In addition, both the quantitative and qualitative impacts of the material weaknesses are examined and determined.
(a) Deficiencies in documentation of accounting practices and in accounting policies and procedures
(b) Deficiencies in talent depth, competence, and training of accounting personnel
(c) Significant revisions due to comments by the accounting auditor
(d) Adjustments to financial statements of past years
Material weaknesses in internal controls over the financial closing and reporting process as individual business processes correspond to material weaknesses in process-level controls.
(3) Material weaknesses in process-level controls
A material weakness in process-level controls is a deficiency in internal controls that is likely to result in a misstatement exceeding a certain amount or a qualitatively material misstatement.
(a) Quantitative materiality
The materiality threshold is around 5% of pre-tax income after consolidation elimination, but it is determined as appropriate in consultation with the accounting auditor, while taking into consideration the relationship with quantitative materiality in the auditing of financial statements.
(b) Qualitative materiality
Decisions are made based on delisting criteria, the degree of impact on investment decisions, transactions with related parties, and the degree of impact on the reliability of financial reporting of items such as the status of major shareholders.
(4) material weaknesses in IT general controls
A material weakness in IT general controls is a deficiency in IT general controls that make it impossible to maintain the continuous effective operation of IT.
3. Determining material weaknesses
(1) In cases where there are multiple deficiencies in internal controls, they will be assessed for whether together they constitute a material weakness. Cases where multiple deficiencies together constitute a material weakness are as follows.
Where, when all deficiencies relating to the same account are combined, the effect of the deficiencies constitutes a material misstatement in financial reporting
(a) Cases where the combined effect of multiple deficiencies on one account constitutes a material weakness
(b) Cases where deficiencies at multiple locations or business units constitute a material weakness as a whole
(2) Cases where the aggregate effect of the deficiencies does not constitute a material misstatement at the financial statement level when viewed by account, but it does constitute a material misstatement when the effects pertaining to multiple accounts are combined
4. Method of reporting deficiencies
The Auditing Department reports any material weaknesses and any reportable deficiencies to the chairman, Audit & Supervisory Board members and the Risk Management Committee. The Risk Management Committee reports any material weaknesses to the Board of Directors.
VIII. Remediation of Material Weaknesses
1. Development of remediation plan
The Auditing Department develops a remediation plan by compiling the corrective measures for material weaknesses stated in the Deficiency List and report the plan to the chairman, Audit & Supervisory Board members and the Risk Management Committee. The Risk Management Committee in turn reports it to the Board of Directors.
2. Method of executing remedial action
Each department in charge and related departments execute remedial actions based on the remediation plan in accordance with the establishment of internal controls.
3. Method of reporting remediation results
The Auditing Department assesses the results of remediation reported by each department in charge and relevant departments and report the results to the chairman, Audit & Supervisory Board members and the Risk Management Committee. The Risk Management Committee in turn reports those results to the Board of Directors.
IX. Reassessment and Other Additional Measures
1. Method of examining significant changes made before period-end date when assessment is conducted on an interim date
Confirmation is made that there have been no significant changes before the period-end date with a Letter of Confirmation of Internal Controls as of the Period-end Date provided to each department in charge.
2. Consideration of additional assessment measures in response to material changes
If changes are made to material controls after the assessment has been conducted during the period, additional assessment measures will be considered.
3. Scope of reassessment
Only those areas affected by the changes in controls are subject to reassessment.
4. Reassessment method, sample size, etc.
Reassessment is conducted with a sample size deemed necessary in line with the frequency of controls.
5. Evaluation of scope of assessment and materiality threshold based on finalized figures at period-end date
(1) The appropriateness of the scope of assessment is evaluated based on the final figures at the end of the period.
(2) If the materiality threshold has been changed, confirmation is made of whether this will affect the determination of material deficiencies based on the final figures at the period-end date.
6. Evaluation of remedies implemented from period-end date to date of submission of Internal Control Report and their effectiveness
If remedial measures are taken after the period-end date, the content and effectiveness of such measures will be evaluated in accordance with regular assessment methods.
X. Policy for Exclusion from Assessment Due to Difficulty in Conducting Assessment
In cases where unavoidable circumstances preclude sufficient assessment procedures for certain internal controls, the affected controls will be excluded from the scope of assessment in consultation with the accounting auditor, after the impact of that exclusion on financial reporting has been sufficiently ascertained.
For example, the following cases are judged to be unavoidable circumstances.
(1) In the event of the acquisition of, or merger with, another company in the second half of the fiscal year
(2) In the event of a disaster
XI. Internal Control Report
(1) The Auditing Department prepares a draft Internal Control Report and submits it to the chairman.
(2) The Internal Control Report is to be formatted to comply with the Cabinet Office Order.
XII. Recording and Retention
The Auditing Department must record and retain information concerning the assessment of the effectiveness of internal control over financial reporting, including all procedures, results, identified deficiencies, and remedial measures. Related supporting documents are to be appropriately retained so that a third party can inspect them at a later date. The retention period of prepared records on internal controls is the period prescribed in the Document Management Regulations. Records are retained on digital media, paper, film, and other formats that enable them to be viewed in a timely manner when required.
XIII. Supplementary Provisions
This Basic Policy is established on January 17, 2008.
Revised April 1, 2024
Implementation Standards for Management and Audit of Public Research Funds
1. Objective
Kissei Pharmaceutical Co., Ltd. (“we,” “our,” “the Company”) establishes these standards for the purpose of properly managing competitive research funds (“competitive funds, etc.”), which includes open-call research funds distributed by the Ministry of Education, Culture, Sports, Science and Technology (MEXT) or independent administrative corporations under MEXT’s jurisdiction (“funding agencies”), pursuant to the Guidelines for Management and Audit of Public Research Funds at Research Institutions (Implementation Standards) established by MEXT (the “MEXT Guidelines”).
2. Organization and Roles
2.1 Responsibility hierarchy
We establish the following hierarchy for the operation and management of competitive funds, etc. as set forth in the MEXT Guidelines.
| Chief administrative officer: | President |
|---|---|
| General manager: | Division director of Clinical Development Division |
| Public funds compliance promotion officers: | Senior Director of Research Strategy and Planning Department, Research Division Senior Director of Clinical Research Department, Clinical Development Division Senior Director of Corporate Finance and Management Department |
2.2 Authorities and responsibilities
The specific authorities and responsibilities of each of the above officers are governed by the Company’s rules and regulations, in addition to the provisions set forth in the following items.
1) The chief administrative officer oversees the entire company and bears final responsibility for the operation and management of competitive funds, etc. The general manager also demonstrates appropriate leadership to ensure that the general manager and public funds compliance promotion officers are able to operate and manage competitive funds, etc. responsibly.
2) The general manager assists the chief administrative officer and has the practical responsibility and authority for the oversight of all relevant divisions concerning the operation and management of competitive funds, etc. The general manager is also responsible for overseeing cross-organizational frameworks for the prevention of misconduct related to the operation and management of competitive funds, etc., and verifying information pertaining to misconduct across all relevant divisions. In the event that misconduct occurs, the general manager reports the status of such misconduct to the chief administrative officer.
3) The public funds compliance promotion officers have the practical responsibility and authority for the operation and management of competitive funds, etc. in the individual divisions. In addition, under the direction of the general manager, they implement measures for the prevention of misconduct in the individual divisions and report on the status of their implementation to the general manager. To prevent misconduct, they provide compliance training to all researchers and administrative personnel involved in the operation and management of competitive funds, etc. (“members”) in the individual divisions and manage and supervise members’ attendance of such training. In the relevant divisions, they monitor whether members are managing and executing competitive funds, etc. appropriately and provide corrective guidance if that management and execution is inadequate.
3. Establishment of environment
We establish an appropriate environment for the operation and management of competitive funds, etc. under our internal control framework pursuant to the Companies Act and our financial reporting reliability framework pursuant to the Financial Instruments and Exchange Act. This environment includes the following conditions.
3.1 Administrative authority
The authorities and responsibilities of members concerning the administrative processing of competitive funds, etc. will be governed by Organization Regulations, Duty Segregation Regulations, and Job Authority Regulations separately established.
3.2 Members’ code of conduct
In the operation and management of competitive funds, etc., members must understand both the letter and the spirit of the principle that research funds are public funds requiring proper management by the Company. Using their professional skills, they must carry out administrative procedures to ensure that public funds are used appropriately while aiming for efficient execution of research.
3.3 Compliance training
Under the direction of the public funds compliance promotion officers of each division, the Clinical Management Group of the Clinical Management Office in the Clinical Development Division’s Clinical Research Department provides members with compliance training (including on company rules regarding competitive funds, etc.) and confirms the attendance status and degree of attendees’ understanding of such training. It will also obtain written pledges from members at various opportunities such as training sessions upon the appointment and replacement of members.
4. Appropriate operation and Management of Research Funds
1) The management of competitive funds, etc. is governed by internal regulations, including these standards, in addition to the following regulations. Members are expected to adhere to the principle of conducting fair and equitable transactions and procurement with business partners.
- · Basic Policy on the Establishment and Assessment of Internal Controls over Financial Reporting
- · Organization Regulations
- · Job Authority Regulations
- · Duty Segregation Regulations
- · Budget Management Regulations
- · Regulations on the Management of Operations Related to Contracts, etc.
- · Internal Audit Regulations
- · Purchasing Regulations
- · Kissei Pharmaceutical Purchasing Policy
- · Conduct Guidelines for Purchasing Officers
2) Orders for goods and services are to be placed by the ordering department in accordance with the contract with the relevant supplier. When concluding a contract with a supplier, approval is to be obtained from the person with appropriate authority after first having the contract examined by the Legal Department.
3) The acceptance inspection of goods and services is to be conducted by the designated inspection department in accordance with the product specifications, delivery specifications, and related documents that have been established in advance.
4) If a supplier has been involved in an improper transaction, we will exercise our right to terminate the contract and cease transactions with that supplier. We will also exercise our right to claim compensatory damages.
5) Members are to manage expenses in accordance with the separately established important notes on reimbursement of expenses.
6) The Clinical Management Group of the Clinical Management Office in the Clinical Development Division’s Clinical Research Department verifies the status of budget execution to ensure that it aligns with the actual situation. If budget execution varies significantly from initial plans, we will check for any problems with the execution of the research plans and undertake corrective measures as necessary.
5. Misconduct Prevention Measures
5.1 Identification of factors leading to misconduct and formulation of misconduct prevention plans
Under the Corporate Finance and Management Department, which has oversight over the systems for financial reporting reliability pursuant to the Financial Instruments and Exchange Act, we identify the factors that lead to misconduct in the use of competitive funds, etc. and formulate plans for the prevention of such misconduct.
5.2 Implementation of misconduct prevention plans
1) The Finance and Accounting Section in the Corporate Finance and Management Department, the Research Planning Group in the Research Division’s Research Strategy and Planning Department, and Clinical Management Group of the Clinical Management Office in the Clinical Development Division’s Clinical Research Department (“prevention planning departments”) work together to advance plans for the prevention of misconduct regarding competitive funds, etc., and confirm the status of implementation of such plans.
2) The chief administrative officer takes the lead in the prevention of misconduct and personally strives to manage progress of the misconduct prevention plans. The fact that the chief administrative officer leads the prevention of misconduct is announced both within and outside the company.
5.3 Investigation of misconduct and disciplinary measures
If a member or other party is found to have engaged in misconduct in the use of competitive funds, etc., we will investigate the facts through the disciplinary committee, and disciplinary measures will be taken at the decision of the president. Where necessary, a special project team may be set up in place of the disciplinary committee.
5.4 Handling of complaints
If we receive a whistleblowing report (complaint), we will conduct an investigation in accordance with the Compliance Program Regulations and report to the funding agency in accordance with the MEXT Guidelines.
6. Communication of Information
1) The following contact points are established to receive both internal and external inquiries regarding the rules concerning the use of competitive funds, etc., related administrative procedures, and other matters.
Research Planning Group, Research Strategy and Planning Department, Research Division Phone: +81-(0)263-82-8820
Clinical Management Group, Clinical Management Office, Clinical Research Department, Clinical Development Division Phone: +81-(0)3-5684-3596
Finance and Accounting Section, Corporate Finance and Management Department Phone: +81-(0)263-25-9651
2) The following contact points are established to receive both internal and external whistleblowing reports (complaints) regarding the rules and other matters concerning the use of competitive funds, etc.
Compliance Promotion Office, Legal Department Phone: +81-(0)263-25-9081
Tanaka Yoshikubo Law Office Phone: +81-(0)3-3230-0137
Kubota Law Office Phone: +81-(0)263-32-0610
3) Any person receiving inquiries or whistleblowing reports who obtains information regarding misconduct is to report it to the chief administrative officer immediately.
4) We report our policies and decision-making processes regarding our approach to misconduct related to competitive funds, etc. to the funding agency, in lieu of public disclosure.
7. Monitoring
We monitor whether activities for the use of competitive funds, etc. are conducted appropriately in accordance with relevant regulations and whether those activities are being operated reasonably for the achievement of management objectives through our organization, job architecture, internal procedures, and internal audits.
8. Internal Audits
We conduct annual audits in accordance with the Internal Audit Regulations to determine whether the accounting procedures concerning activities that use competitive funds, etc. are being conducted properly and the relevant accounting documents are being prepared and retained appropriately. The internal audit department engages in this work in coordination with the prevention planning departments and the accounting auditor.
9. Monitoring by MEXT, etc.
The Clinical Management Group of the Clinical Management Office in the Clinical Development Division’s Clinical Research Department provides written reports to MEXT and other concerned parties on the status of establishment of systems and other matters based on the MEXT Guidelines. We cooperate with investigations (through documents, interviews, and on-site inspections) conducted by MEXT under the MEXT Guidelines. If any issues are identified as a result of such investigations, we will immediately prepare and implement a corrective action plan.
Established March 26, 2009 (1st Edition)
However, these standards apply retrospectively from December 24, 2008.
Revised April 1, 2017 (8th Edition)
Implementation Standards for Management and Audit of Public Research Funds 8th Edition【PDF/138kb】
