An internal control system should be built internally by management with the four objectives of “business effectiveness and efficiency,” “reliability of financial reporting,” “observance of laws and regulations for business activities” and “conservation of assets.”
Specifically considering risk management, compliance and internal audits to be instrumental in achieving these objectives, the ANA Group founded its internal control system, which comprises the three pillars of the Risk Management Committee, the Compliance Committee, and the Internal Audit Division. In addition, based on the ANA Group Internal Control Regulations for Financial Reporting that it set out in response to the requirement to establish a system for internal control of financial reporting, ANA maintains and operates internal controls and conducts ongoing evaluations, and it confirmed their effectiveness throughout the entire Group in the fiscal year ended March 2012.

The ANA Group Total Risk Management Regulations set out the basic terms of the Group’s risk management. Under these regulations, the Risk Management Committee, General Administration, which is a committee secretariat, and CSR Promotion Leaders assigned to major divisions and Group companies facilitate risk management activities. The role of CSR Promotion Leaders is to promote risk management in each company and department by executing risk countermeasures according to plans and to take swift action while contacting the committee and secretariat in the event of a crisis. Moreover, in addition to the Risk Management Subcommittee, the Risk Management Committee has established subcommittees with expertise in specific risks, such as the Information Security Subcommittee and the Security Trade Control Subcommittee, to which it delegates the response to certain risks, such as new types of influenza.
In response to the various risks in its operating environment, ANA has structured a system with two approaches to managing the various risks it faces in the course of its business.

ANA has built a risk management cycle (identification → analysis → evaluation → study and implementation of controls and countermeasures → monitoring) with the goal of minimizing risk, and has been carrying out risk management activities. Continuing from the previous fiscal year, in the fiscal year ended March 2012 the various divisions as well as the domestic and overseasoffices of the various Group companies discussed the progress, effectiveness and level of achievement of the measures taken with respect to the major risks identified by them and carried out a final evaluation of the results of the activities. At the same time, these parties once again identified the risks for the following fiscal year, and reported the result at the management committees including CSR Promotion Committee and Risk Management Committee. In the field of information security, the Group established an intranet to introduce Control Self Assessment (CSA) in all departments, and is enhancing measures to firmly establish awareness regarding the rules on information security such as conducting four sessions of awareness training for all ANA Group executives and employees using video materials (e-learning) .

ANA has constructed a response system based on detailed manuals in order to minimize damage and ensure safe and secure future operations by investigating the causes. The Emergency Response Manual (ERM) sets out responses to incidents with a direct impact on operations such as accidents or hijacking involving the ANA Group’s aircraft, and the Crisis Management Manual (CMM) provides responses to other crises including systems failure, information leaks, scandals and risks from external sources. Responses to accidents and hijacking are drilled and practiced every year. The ANA Group as a whole.

In enhancing internal control, compliance is an important structural element in addition to the risk management function. ANA is promoting education and enlightenment based on the ANA Group Compliance Regulations in order to fulfill its compliance responsibilities by constructing a compliance system for the entire Group. At the top of the compliance promotion system is the Compliance Committee, which is composed of the senior managers responsible for compliance in each department. These are mainly corporate executive officers. Under this committee are the CSR Promotion Leaders assigned to various ANA offices and Group companies, who conduct evaluations of the level of compliance awareness and promote and strengthen compliance throughout the ANA Group. As an initiative in the fiscal year ended March 2012, ANA created DVD educational materials explaining the ANA Group Code of Conduct in Japanese, English, and Chinese, and distributed them to all offices, including overseas branches. In addition, continuing from the previous fiscal year, ANA designated October as CSR promotion month, and conducted education and awareness enhancement through group training and e-learning programs on themes such as risk management and antitrust laws. In November, ANA conducted a compliance awareness survey of all Group employees. ANA has set out regulations concerning the handling of internal reporting and has established internal reporting contact points inside the Company and outside the Company at a law firm. ANA disseminates information about the internal reporting system throughout the ANA Group and to its business partners.