Major business, financial and other matters, which management considers to have the potential to affect the financial position, operating results and cash flows of consolidated companies, are described below.
We aim to actively disclose information to investors and disclose also matters that are not necessarily risk factors but that are considered important for investment decisions. The risks related to investment, however, are not limited to those described below.
The Group takes into consideration risks and the probability of their occurrence and strives to minimize their potential adverse impact on management and business. Forward-looking statements are based on our judgments as of the end of March 2020, and are not guarantees of future outcomes.
1. Hazard Risks
Risks related to natural disasters or similar events
In March 2020, the Group established and introduced a work-from-home system to control the spread of Nobel Coronavirus (COVID-19). However, the Group's business operation, operating results, financial standing, and other aspects may be affected by the difficulty of prompt recovery or continued provision of head office functions and important services, by withdrawal from some operations or services, or by other events that will be caused by the occurrence of those disasters, announcement of a state of emergency, or request to respond to it, among others.
The Group formulated a business continuity plan and an emergency response manual to prepare for major natural disasters affecting a wide area, pandemics such as a novel influenza outbreak, and other emergencies. Thus, the Group is ready to respond promptly and appropriately to those events.
2. Strategic Risks
Risks related to recruitment
For the Group to establish and enhance its corporate foundation to achieve growth, it is essential to recruit and develop excellent human resources with relevant skills and expertise. In addition, the Group is highly dependent on its intangible assets, including special expertise and experience accumulated mainly in the field of information security technologies. Amid the chronic shortage of human resources in the IT industry, the Group's business operation, operating results, financial standing, and other aspects may be affected if it fails to secure the human resources needed for its business expansion due to the loss of engineers with industry-leading expertise or similar causes.
The Group recruits a wide range of human resources with a high level of fundamental skills and ones with industry-ready skills. Recruited employees are developed through training programs and on-the-job training. The Group also strives to improve the workplace environment and increase employees' motivation through workstyle reform.
Risks related to acceptance of orders
Normally, the Group provides services, makes purchases, or takes other actions after receiving an order. In some cases, however, the Group implements tasks, makes purchases, or takes other actions before signing a contract for strategic reasons. There are also cases in which additional cost is generated for responding to a change in specifications, where goods in process are generated at the time of discontinuation of a project or cancellation of a contract, and where advance payment is made to a supplier, among others. The Group's business operation, operating results, financial standing, and other aspects may be affected if these expenses are not recovered.
Risks related to seasonal imbalance in business performance
Due to the budget execution cycle of customers, sales of the Group tend to increase disproportionately in March, which is the fiscal year-end of many customers. On the other hand, because fixed expenses and SG&A expenses included in the cost are generated constantly, the amount of operating income tends to be the greatest in the fourth quarter.
Therefore, if a change in schedule, delay in acceptance inspection, or similar event occurs in a project for which sales will be recorded in March, recording of sales and income from such a project is likely to be postponed until the following fiscal year. The Group's operating results, financial standing, and other aspects may be affected if any of those events occurs in a large-scale project.
Risks on management and operation caused by business expansion
The Group implements a number of measures involving investments for business expansion. This is expected to make it necessary to enhance a variety of management systems concerning business operation and management of the Group. The Group's business operation, operating results, financial standing, and other aspects may be affected if management systems cannot be enhanced sufficiently or the amount of cost for the enhancement is greater than assumed.
Risks from relationships with major shareholders
As of the end of the consolidated fiscal year under review, KDDI Corporation holds 31.89% of the Company's outstanding shares (excluding treasury shares), including those held indirectly via Cosmos, Ltd., a wholly owned subsidiary of KDDI Corporation. Therefore, KDDI Corporation falls under other affiliated companies of the Company.
The Company and KDDI Corporation have an ordinary business relationship related to products and services. They also operate businesses under a business alliance, including addition of the Company's services to ones provided by KDDI Corporation. In addition, as a part of personnel exchanges for strengthening business and capital alliances, the Company accepts human resources, including a director, from KDDI Corporation. Effective on March 7, 2018, the Company acquired 49.0% of shares in KDDI Digital Security Inc., and began to operate business jointly.
However, stability of the capital relationship, the business relationship, and the personnel relationship between the Company and KDDI Corporation is not guaranteed. Nor is it guaranteed that KDDI Corporation's views and interests related to the Company's management policy always conform with views and interests of other shareholders of the Company. Accordingly, the Group's business operation, operating results, financial standing, and other aspects may be affected by a change in the relationship between the Company and KDDI Corporation.
3. Risks in the External Environment
Risks related to intensified competition
The security solution service business is deemed promising as a growth field. It therefore sees consecutive new entries by foreign-affiliated companies and venture firms in addition to major system integrators. As a pioneer in the information security field in Japan, the Group is striving to expand its security solution service business in the rapidly changing market while influencing the direction of the market. However, competition in the market is expected to be intensified by aggressive entry of the Group's competitors. This may affect the Group's business operation, operating results, financial standing, and other aspects.
Risks related to price competition
In the field of the system integration service business, customers' requests related to cost-effectiveness of IT investment have been growing more difficult in terms of both quality and prices of services that are provided. At the Group, initiatives including differentiation from competitors, productivity improvement, and selection of subcontractors are taken by involving the department in charge of the security solution service business. However, the Group's business operation, operating results, financial standing, and other aspects may be affected if price competition in the market is intensified.
Risks related to response to technological innovations
The IT industry sees remarkable progress on new technologies, such as big data solutions, blockchain, and artificial intelligence (AI). The progress takes place on a daily basis, resulting in practical application of one technology after another. If the Group fails to respond appropriately and promptly to these technological innovations or changes in customer needs, its contracts with customers concerning the continuation of business or outsourcing may be changed or cancelled. This may affect the Group's business operation, operating results, financial standing, and other aspects.
The Group strives to create new businesses while improving the capabilities of all of its employees and having them learn the skills and expertise needed to respond appropriately to customer needs. In the field of information security, Cyber Grid Japan, the research department of the Company, studies advanced security technologies.
Risks from dependence on trade with specific industries
In the Group, the ratio of sales from customers from the finance industry is higher than those from other industries. Accordingly, the Group's business operation, operating results, financial standing, and other aspects may be affected if the scale of IT investment in the finance industry changes rapidly.
Risks from dependence on a specific business partner
The Group has signed contracts with IBM Japan, Ltd., including a business partnership agreement. The Group's business operation, operating results, financial standing, and other aspects may be affected if those contracts are changed or cancelled for some reason.
4. Information Security Risks
Information security risks faced by the Group
Given the nature of the Group's businesses, its employees may handle, either directly or indirectly, business information or customer information held by the Group's clients. If the Group sustains damage in a cyber attack, is involved in an information leak, or if the Group's technology is abused for a criminal act or similar situation, for example, the Group's brand image will be degraded, business continuity will be at risk, an obligation to pay compensation for the damage will be generated, and an investment will have to be made to strengthen its management systems. These and other consequences may affect the Group's business operations, operating results, financial standing, and other aspects.
The Group has established rules and regulations related to information security and takes measures to prevent cyber attacks, information leaks, and other information security incidents. Those measures include the introduction of security systems, implementation of various security control measures, and training of employees, including training in ethics. At the same time, the Group strives to enhance its capabilities to detect and handle these incidents. In addition, for material confidential information handled in information security services, the Group takes measures including control of access to network and database and log management.
Risks in the provision of information security services
In the Group's business activities for its information security services, there are cases where the Group is entrusted to take all security measures for a client's information system in the form of a total solution service. The Group has established an operating structure for providing its clients with optimal services and products at all times.
If a security accident, such as a cyber attack on a business partner's information assets and information leak, occurs despite the above measures, the Group's social trust will be eroded, its brand image will be degraded, and an obligation to pay compensation for damage will be generated, regardless of whether the Group is liable for the accident. This may affect the Group's business operation, operating results, financial standing, and other aspects.
5. Operational Risks
Risks in the implementation of commissioned projects
In a project commissioned under a turnkey contract, cost overruns may occur when hours exceed initial estimates, something that may occur for an unexpected reason, even if the project is planned to generate profit when the order is received. It is also possible that unpaid work will be generated due to the exercise of a right to warranty against non-conformity to contract, or when the Group is required to pay damages due to a delay in delivery, defective quality, or similar reason. The Group's business operation, operating results, financial standing, and other aspects may be affected if a money-losing project is generated.
To further improve service quality and prevent the generation of money-losing projects, the Group is taking steps to improve its estimation accuracy and to thoroughly control risks in the implementation of commissioned projects, for instance by starting to review risk factors in the estimation phase. At the same time, the Group is striving to improve its project management skills and to enhance and strengthen its screening and quality control systems.
6. Legal and Compliance Risks
The Group has established the LAC Group Compliance Policy, which has a basic principle of ensuring sound business activities by establishing corporate ethics. The Group provides compliance training to its officers and employees and carries out activities for raising their awareness of compliance as needed in its efforts to improve its corporate ethics and enhance its legal compliance.
However, it may be impossible to avoid compliance risks completely. In the case of an infringement of laws, regulations, or other rules, the Group's business operation, operating results, financial standing, and other aspects may be affected by erosion of the Group's social trust, degradation of its brand image, payment of compensation for damage that was caused, or a similar event.
Risks related to intellectual property rights, etc.
The Group executes its businesses while being careful not to infringe on third parties' intellectual properties. However, the possibility of infringing on intellectual property due to force majeure is not completely zero. Concerning a service or product provided by the Group, a third party may make a claim for damages, request the Group to stop using it, pay compensation for the patent in question, or file other claims. This may affect the Group's business operation, operating results, financial standing, and other aspects.
7. Financial Risks
Risks related to recoverability of business investment
The Group makes business investments aimed at business expansion, including M&A and new product development. While business investment is an essential factor for the Group's business growth, it is also uncertain. The Group's business operation, operating results, financial standing, and other aspects may be affected if effects of M&A, new product development, or other investments cannot be obtained.