Risk Management

Basic stance

The Toyota Boshoku group is working to carry out risk assessments, comprehensively reinforce risk management and reduce risks in order to respond swiftly to major risks including management risk, risk in daily operations, risk associated with disasters and accidents, risk arising from the external environment such as global warming and water, risks relating to corruption (such as bribery, cartels (agreements with competitors on bids, prices, allocation of suppliers and any item, made to avoid competition), embezzlement, and conflicts of interest), and social reputation risk.*

  * Risk of losing societal trust

Risk management activities

We have established a global risk management system for the group centered on the Chief Risk Officer (CRO), and carry out more effective risk management activities such as through monitoring of the status of risk response by the Board of Directors.
Businesses, regions, the corporate operation unit and other functions are working together to counter pertinent risks and implement a PDCA (plan-do-check-action) cycle for risk management activities. In order to prevent and minimize damage to the wider Toyota Boshoku group, Toyota Boshoku strives to identify and manage risks in an integrated manner, and share risks within the group.

Risk management initiatives in fiscal 2024

In fiscal 2024, under the global risk management system, we worked to increase opportunities for mutual communication by disclosing and sharing information so that risk management activities can permeate not only in Japan but also in other countries.
We also promote Business Continuity Management (BCM) activities to enhance the effectiveness of the Business Continuity Plan (BCP), and build mechanisms to realize continuous improvement in normal times. Other activities included periodic evacuation drills, drills for setting up a response headquarters, emergency communication drills using safety confirmation tools, and stockpiling supplies for local residents.

The risk management system, and associated activities

Figure: The risk management system, and associated activities

Evaluation points for materiality-impacting risks (Impact level)

Materiality: Evaluation points
  • ① As an Interior Space Creator we will contribute to people’s quality of life, creating comfort, safety, and reassurance through innovation: Stable supply
  • ② Using our established technical capability, we will contribute to realize a society with no traffic casualties through providing products that assure safety: Product safety
  • ③ Together with our business partners, we will realize MONOZUKURI innovations that minimize environmental stress: Environmental impact
  • ④ We will develop people capable of contributing to society, who have diverse values, a challenging spirit and understand the value of strong teamwork: Occupational safety
  • ⑤ We will continue to be a company of integrity trusted by all our stakeholders, inheriting our tradition of fairness and moral behavior to the next generation: Compliance

Crisis levels

Level: Countermeasures Headquarters Chief
  • Level A (Serious crisis): President (Comprehensive Countermeasures Headquarters)
  • Level B (Major crisis): Department with responsibility for said risk(s), chief of headquarters for said region (Countermeasures project)
  • Level C (Individualized response crisis): Chief of department with responsibility for individual said risk(s), subsidiary company president (Countermeasures team)

Crisis response system (in case of Crisis Level A)

Figure: Crisis response system (in case of Crisis Level A)

Main actions taken against significant risks in fiscal 2024

Risk: Main actions taken in FY2024
Earthquakes
  • Evacuation drills, drills for setting up a company-wide disaster response headquarters, on-site in-house firefighting organization drills
  • Promotion of BCM activities, etc.
Cyberattacks
  • Enhancement of company members' awareness of security (security training, targeted e-mail drills)
  • Strengthening of security measures at affiliates/suppliers inside and outside Japan
  • Automatic disconnection from the network of PCs and servers suspected of being infected with viruses, etc.
Country risks (Conflict)
  • Ascertaining of the Toyota Boshoku group's situation with respect to economic security
  • Monitoring of the country risk situation in our countries of operation based on information from economic indicators, external credit rating agencies, local entities, etc.
Falsification or concealment of quality/testing data
  • Internal hearings (technical evaluation and factory inspection divisions), periodic supplier inspections, establishment of a quality fraud prevention mechanism, establishment of a system for checking certified work, education on quality fraud prevention, and awareness-raising through introduction of fraud cases among other companies at the Global Quality Learning Center (GQLC).

Global priority risks in fiscal 2025

Based on the results of the risk assessment for fiscal 2024, we selected global priority risks for fiscal 2025.

Risk map formulation process

Considering the risk environment surrounding the Toyota Boshoku group, the Chief Risk Officer (CRO) and others selected (drafted) the global priority risks based on:
(ⅰ) results of risk analysis and assessment by the department responsible for risk;
(ⅱ) risks considered important by external organizations, etc.; and
(ⅲ) information on crises that have emerged within the Toyota Boshoku group.
These global priority risks were then discussed and finalized by the Risk Management Promotion Meeting.

4 Global priority risks in fiscal 2025

  • Earthquakes
  • Cyberattacks
  • Fraud damage
  • Falsification or concealment of quality/testing data

FY2025 risk map

Figure: FY2025 risk map

To enhance understanding of risk management activities and risk sensitivity, risk management training has been provided since fiscal 2022 for risk management personnel in the departments responsible for risk and at affiliated companies (inside and outside Japan).
In fiscal 2024, training was provided on the importance of verifying crisis response and training on the subject of infectious diseases, and on risk management learned from project management. In addition, we regularly issue a risk management newsletter to share various risk cases within the Toyota Boshoku group and alert our company members to its publication.

Confidentiality management and information security

The Toyota Boshoku group considers the appropriate management of confidential information to be a key element of our business activities. We have both created a group-wide Information Security Policy and assembled a global confidential information management system. Additionally, we are working together as one group to systematically and continuously strengthen our information security.
Once a year, the Company and its consolidated subsidiaries inside and outside Japan also collaborate to inspect the status of information security initiatives using the security guidelines, thereby improving internal systems, rules, education, and technical measures to ensure the same level of security on a global basis. In addition to the establishment of systems, we believe in the importance of education, and regularly conduct activities to raise company members’ security awareness, such as e-Learning training and targeted e-mail drills.
The security guidelines are based on ISO 27001/27002, NIST (the United States’ National Institute of Standards and Technology) Cybersecurity Framework, the Cybersecurity Management Guidelines of Japan’s Ministry of Economy, Trade and Industry, etc., and are periodically reviewed to ensure they are responsive to changes in the environment.
We also update our confidentiality management rules and related procedures, and have introduced an internal information leak detection system to counter the risk of confidential information leaks.
In addition, we implement measures to counter unauthorized access gained through computer virus infection and other means, including ransomware, which has been on the rise in recent years. As well as our own measures, we have launched activities to raise the level of security measures throughout the supply chain, such as explaining the necessity of security measures and specific measures to our affiliates and suppliers.

Information Security Policy

Structure of activity promotion with consolidated subsidiaries

Figure: Structure of activity promotion with consolidated subsidiaries

Specific confidentiality management actions undertaken

●Training of company members

(ⅰ) Carrying out various levels of training, including upon joining the company, upon receiving promotion, etc. (each training once a year)
(ⅱ) Displaying an informational and caution-prompting message upon startup of personal-use PCs (twice a month)
(ⅲ) Carrying out activities designed to improve awareness and understanding during Confidentiality Management Month (October)
(ⅳ) Carrying out e-learning training (twice a year) and targeted e-mail drills (six times a year) for all company members, including executive officers

●Provisions in line with our security guidelines

① Systematic management planning (preparation of systems and rules, etc.)
② Human resource management planning (training for company members, simulation training, etc.)
③ Technological management planning (improper system access/computer virus countermeasures, restoration measures, security surveillance, etc.)
④ Physical management planning (controlling access to relevant rooms/areas, etc.)
⑤ Preparation of response systems for accidents and hostile acts