It is important to always to anticipate the various risks that threaten business continuity, such as natural disasters, compliance, the availability of human resource, health and safety, and product quality, and to take the appropriate measures to address these risks. The Daifuku Group conducts regular risk assessments in accordance with the Risk Management Regulations to mitigate and minimize risks that may impact business operations and to strengthen the system for emergencies.
Daifuku established the Risk Management Committee in April 2022 for the purpose of managing significant risks that affect the achievement of the Group’s management goals. The committee is chaired by the CEO and includes global business heads (consisting of board directors and/or managing officers), the safety and health management division manager, and other division managers from corporate functions. The Sustainability Committee has been responsible for risk management. However, risks surrounding business and management environment are rapidly changing and uncertainty in business is growing. In response to the situation, the Group has established the independent committee that integrates group-wide risk management activities in order to build a stronger management system that supports swift decision-making and strong risk-taking. The Committee holds several general meetings annually, and reports significant risk management issues to the Board of Directors as appropriate.
The Group has established the Risk Management Committee to separately operate the system for normal time and that for emergencies. The Risk Management Committee promotes risk management actions in normal time, and controls risks before they become apparent. In the event of an emergency, the BCP promotion system is in place to respond to crises after risks have emerged. The BCP promotion system works with the Risk Management Committee to consider and prepare for crises starting from normal operations. When faced with a crisis such as a large-scale disaster, we will quickly establish a framework and take initial actions to prevent secondary disasters, placing the highest priority on human lives.
In addition, the Audit Division, which is tasked with establishing and operating an internal audit system, has been established under the direct control of the Board of Directors, and the Board of Directors receives regular reports from the Audit Division. One of its functions is to verify and evaluate the effectiveness of risk management and the maintenance and operation of internal control systems, and to facilitate their improvement. In the development and operation of the internal control system, the Company refers to a standard framework (COSO).
FY2022 promotion system
Crucial risk factors that significantly affect the business activities of the Group are extracted, and those factors are mapped with two assessment axes of frequency and consequence to grasp and manage risks. The assessment covers all business divisions and subsidiaries inside and outside of Japan. In accordance with the results of the assessment, an external agency adjusts the measures through the survey in the Group and with their expert knowledge. The results in fiscal 2021 had a higher consequence in risks associated with changes in the business environment compared with the results of the fiscal 2019 assessment. This assessment reflected the COVID-19 pandemic, US-China trade friction, worldwide semiconductor shortage and other factors.
Overview of significant risks
Below is a list of major anticipated risks in the normal course of business operations. While we are taking measures to mitigate each of these risks, it is difficult to completely predict or address all of them.
|1. Risks related to changes in business environment||Impact||
|2. Risks related to compliance||Impact||
|3. Risks related to human resources||Impact||
|4. Risks from large-scale natural disasters||Impact||
|5. Reputation risks||Impact||
|6. Risk of information leakage from cyberattacks||Impact||
Strengthening information security
Threats to "information," an important management resource, have become increasingly sophisticated, ingenious, and malicious in recent years. Moreover, privacy protection and data regulations, particularly centered on personal information, are being tightened globally, and the prevention of information leaks has become an important compliance issue. In light of these changes in the business environment, the Group conducted a major review of our information security-related regulations in April 2022. We will take measures against risks in accordance with the new regulations and guidelines to ensure the safe use of information assets in our business operations.
We formed an Information Security Committee in 2004 to maintain and improve information security across the Group. This Committee came under the direct control of the CEO in fiscal 2022. The Committee is chaired by the CEO and includes the Global Business Heads of each business unit and the presidents of subsidiaries, and is strengthening efforts under the leadership of the management team. Furthermore, in order to clarify roles and responsibilities in information management, we have appointed an information security promotion manager in each business unit, division, and subsidiary to deepen our efforts at the on-site level.
|Committee chair||President and CEO|
|Committee vice-chair||DX Division Manager, Corporate Functions Deputy Head|
|Members||Global Business Heads, Corporate Functions Head, Safety and Health Management Division Manager, officers in charge of subsidiaries, Presidents of Japanese subsidiaries, Presidents of subsidiaries outside of Japan|
The mission of the CSIRT（Computer Security Incident Response Team）is to deal with information leaks stemming for example from cyber attacks and respond to any other computer security incidents. The CSIRT is centered on the Information Security Committee, enabling us to swiftly identify the possible scope of an accident and damage, put first-response measures in place, and investigate causes and means to prevent reoccurrence.
Threats to information and countermeasures
The Group is promoting specific initiatives in each of the following areas against technical threats such as unauthorized access and cyberattacks, human threats such as internal misconduct and disregard for rules, and physical threats such as disasters and theft.
Global information security trainingKPI
We have conducted training sessions twice compared to the target of two sessions in fiscal 2021. Since fiscal 2021, we have adopted video content available in more than 30 languages as a training tool to enhance the appeal of the program and boost the educational value of the program by allowing viewers to watch the videos in their native languages.
|Number of training sessions||2 sessions|
Global e-mail trainingKPI
We conducted the training three times, versus our target of three times in fiscal 2021. To promote further understanding, the key points to be identified and noted were displayed in the native language of those who clicked the link in the training e-mail and failed the training. Beginning in fiscal 2022, retraining will be offered to those who failed to pass the training in order to further improve their effectiveness.
|Number of training sessions||2 sessions||2 sessions||3 sessions|
Business continuity plan
We have formulated a business continuity plan (BCP) to minimize damage to business assets and to enable business continuity and a rapid recovery in the event of a crisis such as a large-scale disaster, with human life as the top priority. In formulating our BCP, we followed the ISO 22301 international standard for its development and operation.
With the aim of enhancing the effectiveness of our BCP, we are conducting regular risk assessments at our business locations, introducing a safety confirmation system, implementing periodic exercises based on the initial response manual, and upgrading our disaster prevention supplies. Daifuku will, if necessary, establish an on-site disaster headquarters in the event of an earthquake with an intensity of 5 or higher (per the Japan Meteorological Agency Seismic Intensity Scale), a disaster requiring prolonged recovery efforts, or other events that have or are expected to have a significant impact on business operations.
Supplier Operations Verification System
To ensure stable procurement of parts and other supplies in the event of a disaster, we have introduced a Supplier Operation Verification System that enables rapid collection of information on damage to suppliers. Regular operational training is conducted with suppliers to boost operational proficiency, and in the event of an emergency, the system is used to confirm the viability of operations and the delivery date of parts.
Coexistence with local communities
We have concluded an agreement with the town of Hino in Shiga Prefecture to accept local residents for evacuation in the event of a disaster. As part of our BCP, we regularly conduct disaster drills and mock drills with our own firefighting team to prepare for large-scale disasters, and we are engaged in ongoing social initiatives to build good relationships with local communities and our larger society.
Countermeasures against COVID-19
Major risks caused by the COVID-19 pandemic include limited commute, transfer, or activities in the Group and customer companies, delay or suspension of business activities resulting from infected cases, delay or cancellation of capital investment by customers due to business recession, and decreased profitability due to production cutback.
In response to COVID-19, the Group has established the Novel Coronavirus Response Committee, with the CEO as its head. Each business division checks the situation of the infection and reports necessary information to the Board of Directors as appropriate. The Group has put the highest priority on the lives, health, and safety of its employees and their families, customers, and business partners; complied with guidelines issued by governments and administrative agencies inside and outside of Japan; and promoted working from home. These and other measures prevented significant troubles in the Group’s business activities.
However, the COVID-19 pandemic has not ended yet, and the Group recognizes that the scope of damage by those risks may expand.