MENU
  1. HOME
  2. Sustainability
  3. Governance
  4. Risk Management

Risk Management

CRO MESSAGE
Basic Philosophy

We are working to prevent risks that could have grave consequences for management and to minimize damage in adverse events. For these purposes, we identify risks in each function and make decisions on how to respond in meetings of the Board of Directors, Internal Controls Committee, and various general councils.

An Internal Control Committee headed by the company president identifies key risks, determines measures to counter them, and checks on the progress in executing these measures. In this way, these measures are made more effective.

In addition, initiatives to deal with key risks or unexpected risks due to political instability or other external factors are discussed regularly by the Board of Directors, and continuous improvements are made.

Moreover, Risk Management and Response Guidelines have been established. These guidelines show the actions taken to adopt to prevent potential risks and to respond to problems appropriately and quickly.

Organization of Internal Control Committee
Organization of Internal Control Committee
Response to Key Risks

Operating foundation risks (primarily handled by CRO) and business strategy risks (primarily handled by CFO) based on the business environment are assessed from the perspective of impact on operations (financial impact, etc.) and possibility of occurrence (frequency), and key risks are identified.

Key risks are reflected in company policy as important action items, and initiatives are made to mitigate or prevent risks.

Examples of Key Risks
Classification Main key risks
Size of risk

Impact on operations (financial impact, etc.)
×
Possibility of occurrence (frequency) 		Large
  • Large-scale disasters (earthquakes, storm and flood damage, etc.)
  • Risks, opportunities, and responses based on TCFD
  • DX support
  • Recalls due to serious quality issues
  • Cyberattacks/scam emails
  • Carbon neutrality measures
  • Raw material procurement, energy price hikes, etc.
  • BEV conversion measures
  • Injuries and operation shutdowns due to serious work accidents
Medium
  • Leakage of confidential information
  • Trade friction
  • Traffic accidents (causing serious damage/injury)
  • Incidents of harassment
Small
  • Antitrust law violations
  • Business operations with partner companies
  • Interruption of business operations due to fire or explosion accidents
Crisis Management Project in Anticipation of Large-Scale Earthquake Disasters

A crisis management system has been put in place for the event of a massive disaster, such as the predicted Nankai Trough earthquake or natural disasters due to climate change. This system is based on the principles of human life first, community support, and early recovery. Specifically, in addition to infrastructure and system measures based on the Crisis Management Project, resilience training has been conducted more than 180 times for directors and members of antidisaster departments since FY2013. These efforts are based on the company’s belief that improving the skills of response personnel is essential. Specific procedures for the recovery of affected buildings, facilities, and processes have also been established, and for alternative production in a production recovery system.

Recovery training for design drawings and other data is also carried out so that product development can be continued even after disasters. In addition, workshops to strengthen crisis management not only in Toyoda Gosei companies but also at Group companies and suppliers are conducted regularly. Assessments using anti-earthquake measure implementation status check sheets, clarification of weak points with graphs, presentation of responses taken at Toyoda Gosei and other companies, and cooperative preparation of business continuation plans (BCP) are carried out.

■Disaster Response
Disaster Response
■Initiatives to Date
Classification Measures
Facility and equipment measures
  • Earthquake resistance measures for buildings and facilities
  • Establishment of a disaster prevention center to serve as an operations base for the entire company in the event of a disaster
  • Equipping all locations with a multi-channel access (MCA) radio system*1 and satellite phones
  • Installation of crisis management servers (earthquake resistant structure) and emergency power generators
  • Operation of a DR*2 system and DCs*3
System measures
  • Implementation of site and building safety assessments
  • Training in operation of earthquake early warning systems and employee safety information systems
  • Preparation of supply chain information
  • Preparation of a business continuity plan (BCP)
Skills
  • Ongoing resilience training (disaster simulation exercises)
  • *1 Radio system used in Japan for various purposes, from daily operations to emergencies and disasters
  • *2 System for restoring and repairing damaged systems (Disaster Recovery)
  • *3 General term for special facilities equipped with and operating computers, data communications, and other equipment (Data Center)
Enhancing Our Global Risk Response

In response to global risks that occur not only in Japan but also in other countries (e.g., parts and raw material shortages, the Ukraine conflict, etc.), we are taking necessary actions on a global basis to quickly assess the situation (weekly BCP reports) both in Japan and overseas. Standardization is also underway so that domestic and international locations can take measures on their own initiative, and we are enhancing our ability to respond to key risks seen in the business environment of each company.

Basic Policy for Cybersecurity Measures

To strengthen the control of confidential information, annual checks of the compliance status of each division based on company confidentiality management regulations are conducted together with onsite audits. Self-inspections are also done at Group companies in Japan and overseas, as well as at major suppliers.

Confidentiality officers are assigned in all departments, and confidentiality education activities are conducted based on information system security operating standards and a confidential information management manual. At domestic and international Group companies and major suppliers, specific measures are stratified and executed based on the size of the impact on Toyoda Gosei and inspection results for cyber risk measures at each company. Regular reports and discussions are conducted in all company boards, and cybersecurity measures are taken together globally.

■Main Cybersecurity Measures
Classification Measures (domestic and international Group companies and suppliers respond in accordance with the size of the impact)
Prevent leakage due to negligence Facility and equipment measures
  • Data encryption on personal computers
  • USB device connection controls
System measures
  • Security measures when sending emails out of the company (mandatory cc to superior’s email address, encryption of attached files)
Prevent leakage due to malice Facility and equipment measures
  • Installation of computer anti-virus software
  • Constant monitoring of unauthorized communications
  • Prevention of unauthorized connections to the network
  • Firewalls to control communication with outside parties
  • Detecting and preventing tampering with systems open to the public outside the company
System measures
  • Confidentiality pledge
  • Stricter standards for allowing items to be taken from premises
  • Restricted access to file servers
Educational activities (morale measures)
  • Security training for employees
  • Training in responding to targeted email attacks
  • Company-wide confidentiality controls inspections and on-site audits using check sheets