Risk Management

Basic stance

The Toyota Boshoku group is working to comprehensively reinforce risk management and reduce risks in order to respond swiftly to major risks including management risk, risk in daily operations, risk associated with disasters and accidents, risk arising from the external environment such as global warming and water, and social reputation risk.^*

Risk of losing societal trust

Risk management activities

With the introduction of the Chief Officer System in 2021, we have established a global risk management system for the group centered on the Chief Risk Officer (CRO), allowing us to carry out more effective risk management activities.
Businesses, regions, the corporate operation unit and other functions are working together to counter pertinent risks and implement a PDCA (plan-do-check-action) cycle for risk management activities. In order to prevent and minimize damage to the wider Toyota Boshoku group, Toyota Boshoku strives to identify and manage risks in an integrated manner, and share risks within the group.
In fiscal 2022, we established the Risk Management Regulations by reviewing the existing regulations in line with our current risk management activities, and clarified the scope of risk management initiatives, roles, and authority, including the following:

Risk management system and roles
Risk classification and risk levels
Establishment of a response system based on the decision-making criteria for crisis response

Centralized management based on common global standards, we have revised the criteria governing the degree of impact on management when assessing risk. We consider those risks that would hinder the realization of the Toyota Boshoku group's materiality as the group's risks, and have set these as the criteria for evaluating the degree of impact.
Furthermore, to strengthen our response to the risk of natural disasters, we have incorporated infectious disease countermeasures into our business continuity plan (BCP), and have developed business rules from the BCP with the aim of improving its effectiveness. Based on this, we have conducted evacuation drills in a manner that avoids the “Three Cs” of virus transmission, stockpiled masks, operated information tools (including a safety confirmation system), and developed systems for initial response to COVID-19.

The risk management system, and associated activities

Evaluation points for materiality-impacting risks (Impact level)

Materiality	Evaluation points
①As an Interior Space Creator we will contribute to people's quality of life, creating comfort, safety, and reassurance through innovation	Stable supply
②Using our established technical capability, we will contribute to realize a society with no traffic casualties through providing products that assure safety	Product safety
③Together with our business partners, we will realize MONOZUKURI innovations that minimize environmental stress	Environmental impact
④We will develop people capable of contributing to society, who have diverse values, a challenging spirit and understand the value of strong teamwork	Occupational safety
⑤We will continue to be a company of integrity trusted by all our stakeholders, inheriting our tradition of fairness and moral behavior to the next generation	Compliance

Crisis levels

Level	Countermeasures Headquarters Chief
Level A (Serious crisis)	President (Comprehensive Countermeasures Headquarters)
Level B (Major crisis)	Department with responsibility for said risk(s), chief of headquarters for said region (Countermeasures project)
Level C (Individualized response crisis)	Chief of department with responsibility for individual said risk(s), subsidiary company president (Countermeasures team)

Crisis response system (in case of Crisis Level A)

Main actions taken against significant risks in fiscal 2022

Significant risk	Main actions taken in FY2022
Infectious diseases, etc.	①Infection prevention measures resulting from discussion at COVID-19 countermeasures meeting ②COVID-19 Workplace vaccinations ③Maintaining strategic reserves of hygiene products: non-woven fabric masks, antiseptic solution, protective clothing, gloves, paper towels, etc. ④Creation of an initial response manual for COVID-19
Fraud damage	①Thorough recurrence prevention work with responsible company members (translation of essential points into local languages, training) ②Confirmation of operational conditions of recurrence prevention measures, improvement guidance
Earthquakes	①Revision and global deployment of an initial response BCP (Business Continuity Plan) that incorporates anti-infection measures ②Safety confirmation system response drill
Cyberattacks	①Countermeasures to external intrusions, improper system access, computer viruses ②Security education (raising awareness among company members): e-learning, targeted email attack training

Global priority risks in fiscal 2023

We selected significant risks in FY 2023 based on the FY2022 risk assessment.

7 Global priority risks in fiscal 2023

Earthquakes, typhoons, heavy rain, production delays or shutdowns, infectious diseases etc., cyberattacks, fraud damage, country risks (Ukraine)

FY2023 risk map

Confidentiality management and information security

The Toyota Boshoku group considers the appropriate management of confidential information to be a key element of our business activities. We have both created a group-wide Information Security Policy and assembled a global confidential information management system. Additionally, we are working together as one group to systematically and continuously strengthen our information security.
In addition, once a year, the Company and its domestic and overseas consolidated subsidiaries collaborate to inspect the status of information security initiatives using the security guidelines, thereby improving internal systems, rules, education, and technical measures to ensure the same level of security on a global basis.
The security guidelines are based on ISO 27001/27002, NIST (the United States’ National Institute of Standards and Technology) Cybersecurity Framework, the Cybersecurity Management Guidelines of Japan’s Ministry of Economy, Trade and Industry, etc., and are periodically reviewed to ensure they are responsive to changes in the environment.
We also update our confidentiality management rules and related procedures to counter the risk of confidential information leaks.
Additionally, in response to an increase in the number of viruses and targeted phishing in recent years, we carry out training of company members, as well as periodically send imitation phishing emails to improve company members’ ability to detect scams.

Information Security Policy

Structure of activity promotion with consolidated subsidiaries

Specific confidentiality management actions undertaken

●Training of company members

① Carrying out various levels of training, including upon joining the company, upon receiving promotion, etc.
② Displaying of informational and caution-prompting message upon startup of personal-use PCs
③ Carrying out activities designed to improve awareness and understanding during Confidentiality Management Month
④ Carrying out e-learning and email training for all company members, including executive officers

●Provisions in line with our security guidelines

① Systematic management planning (preparation of systems and rules, etc.)
② Human resource management planning (training for company members, simulation training, etc.)
③ Technological management planning (improper system access/computer virus countermeasures, restoration measures, security surveillance, etc.)
④ Physical management planning (controlling access to relevant rooms/areas, etc.)
⑤ Preparation of response systems for accidents and hostile acts