Risk Management

Basic Approach
Promotion System
Major Initiatives

Basic Approach

It is important to always to anticipate the various risks that threaten business continuity, such as natural disasters, compliance, the availability of human resources, safety and health, and product quality, and to take appropriate measures to address these risks. The Daifuku Group conducts regular risk assessments in accordance with the Risk Management Regulations to mitigate and minimize risks that may impact business operations and to strengthen the system for emergencies.

Promotion System

The Group has established a risk management system based on a three-line model with the CEO as the chief executive. Corporate Functions and other administrative divisions (second line) provide support, guidance, and supervision for risk management by the business divisions (first line), which are the entities responsible for responding to risks. In addition, the audit departments (third line) audit the risk management efforts of the first and second lines.
We have established the Risk Management Committee, which is chaired by the President and CEO and includes the heads of divisions and business units, general managers, and related executive officers, to monitor these initiatives from a company-wide perspective, issue instructions for action, and manage progress. The Committee meets several times a year and reports important risk-related issues to the Board of Directors as appropriate.
This Committee promotes activities during normal times to control risks before they materialize; however, in the event of an emergency, the BCP promotion system is in place to respond to crises after risks have emerged. The BCP promotion system works with the Risk Management Committee to consider and prepare for crises starting from normal operations. When faced with a crisis such as a large-scale disaster, we will quickly establish a framework and take initial actions to prevent secondary disasters, placing the highest priority on human lives.
In addition, the Audit Division, which is tasked with establishing and operating an internal audit system, has been established under the direct control of the Board of Directors, and the Board of Directors receives regular reports from the Audit Division. One of its functions is to verify and evaluate the effectiveness of risk management and the maintenance and operation of internal control systems, and to facilitate their improvement. In the development and operation of the internal control system, the Group refers to a standard framework (COSO).

FY2023 promotion system

The main roles of each committee

In order to further strengthen the risk management system, three committees that had been operating individually up until now (the Central Safety and Health Committee, the Information Security Committee, and the International Trade Control Committee) have been changed to a structure that works in cooperation with the Risk Management Committee, effective starting fiscal 2023. The main roles of each committee are as follows.

Risk Management Committee

Planning and development of risk management systems and related regulations
Selection of critical risks based on risk assessment results, and decision making, direction, and progress management of response policies
Determining and directing the action policy for training and awareness activities related to risk management

Central Safety and Health Committee

Promotion and dissemination of efforts to ensure compliance with relevant laws and regulations, elimination of occupational accidents, and elimination of traffic accidents

Information Security Committee

Planning and scheduling of information security management and implementation of in-house training
Establish and revise information security rules and assess compliance with them
Study of countermeasures for cyber-attacks and information security risks

International Trade Control Committee

Compliance management system and internal awareness-raising activities to ensure thorough compliance with laws and regulations (including those related to security) regarding all overseas transactions

Major Initiatives

Risk assessment

Crucial risk factors that significantly affect the business activities of the Group are identified, and those factors are mapped on two assessment axes of frequency and consequence to ascertain and manage risks. The assessment covers all business divisions and subsidiaries inside and outside of Japan. Based on the results of this assessment, an external organization conducts interviews within the Group and adds its expertise to map risk items, and the Risk Management Committee ultimately determines the key risks that should be prioritized and addressed.

Overview of significant risks

The following is a list of risks that we recognize as having the potential to materially affect our operating results as of June 2023. However, this is not an exhaustive list of all risks to the Group, and there are unforeseen risks other than those listed. While we are taking measures to mitigate each of these risks, it is difficult to completely predict or address all of them.

1. Risks related to changes in business environment	Impact	Delays in the production, construction, and provision of services for our products due to the success, failure, or delay of the procurement of parts and materials Supply shortage of semiconductors and other parts, rising energy and raw material prices, and disrupted logistics networks Degraded business performance due to significant changes in economic conditions and customer capital investment trends or geopolitical problems
1. Risks related to changes in business environment	Measures	Control costs and deadlines, review contract terms and conditions for various business transactions, etc. Pay close attention to the needs and trends of client industries and reflect them dynamically in the management plan Identify and address procurement risks in the supply chain Supply Chain Management
2. Risks related to Group governance	Impact	Mismanagement due to rapid growth of the Group and rapid increase in subsidiaries and employees Loss of public trust and degraded business performance due to the occurrence of improprieties and scandals and failure of organizational management
2. Risks related to Group governance	Measures	Establishment of the Group Code of Conduct to clearly define guidelines for actions to be taken by officers and employees of the Group Distribute the Compliance Guidebook in multiple languages, provide compliance training, and re-emphasize the whistleblower system Review Group credit management regulations and implement measures to disseminate them throughout the Group Compliance
3. Risks related to human resources	Impact	Deterioration of competitiveness due to shortage of personnel with specialized knowledge and skills
3. Risks related to human resources	Measures	Establish a systematic succession planning system by specifying key positions and formulating Group-wide competencies (desired behavioral traits and attitudes) Make revisions to the personnel system based on roles (job responsibilities) and results Conduct an engagement survey regarding job satisfaction and ease of work among Group employees Actively hire and promote women, foreign nationals, and mid-career professionals Talent Development
4. Reputation risks	Impact	Damage to the Group's reputation caused by the spread of misinformation or inaccurate rhetoric through social media Damage to the Group’s brand image and social credibility decline
4. Reputation risks	Measures	Conduct media training for officers Develop media relations manuals, guidelines for use of social media, etc.
5. Risks from large-scale natural disasters	Impact	Interruption of corporate activities by earthquakes, typhoons, tsunamis, and other large-scale natural disasters
5. Risks from large-scale natural disasters	Measures	Natural disaster and hazard surveys at each site, expansion of emergency reserves Various drills for developing a timeline of response plans and safety confirmation in the event of a disaster Improve the effectiveness of the Business Continuity Plan (BCP) by analyzing business impacts and reviewing the structure of each department
6. Risk of information leakage from cyberattacks	Impact	Information leakage due to cyberattacks or internal improprieties
6. Risk of information leakage from cyberattacks	Measures	Strengthen information security across the Group, centered on the Information Security Committee chaired by the Chief Information Officer (CIO) Identify the possible scope of impact and damage from cyberattacks Implement initial responses to prevent the spread of damage and study measures to prevent recurrence Conduct periodic employee education and training

Identifying and addressing procurement risks

With the aim of ensuring stable procurement of critical parts and materials, the Group is working to ascertain procurement risks latent in our supply chain and strengthen our response measures to these risks. In addition to geopolitical risks and risks related to fluctuations in raw material costs and exchange rates, we are cognizant of risks related to business succession of suppliers, fire, accidents, and labor.
In fiscal 2022, we formed a Group-wide Procurement Risk Working Group across business divisions led by the Production Officer (current CPO). This group shared information on the status of procurement of parts and materials and challenges faced by each division, and we took company-wide measures to address procurement-related risks that have grown more difficult due to the lockdown in Shanghai and other factors.
In fiscal 2023, the Production Innovation Division was established, and the Supply Chain Innovation Promotion Department within this division works to understand the realities of the Group’s increasingly complex supply chain risks.

Main efforts in fiscal 2022

Identify key suppliers and parts and materials
Identify risks in the supply chain assumed by each business unit

Business continuity plan

We have formulated a business continuity plan (BCP) to minimize damage to business assets and to enable business continuity and a rapid recovery in the event of a crisis such as a large-scale disaster, with human life as the top priority. In formulating our BCP, we followed the ISO 22301 international standard for its development and operation.
With the aim of enhancing the effectiveness of our BCP, we are conducting regular risk assessments at our business locations, introducing a safety confirmation system, implementing periodic exercises based on the initial response manual, and upgrading our disaster prevention supplies. Daifuku will, if necessary, establish on-site disaster headquarters in the event of an earthquake with an intensity of 5 or higher (per the Japan Meteorological Agency Seismic Intensity Scale), a disaster requiring prolonged recovery efforts, or other events that have or are expected to have a significant impact on business operations.

Strengthening information security

The Group is promoting specific initiatives in each of the following areas against technical threats such as unauthorized access and cyberattacks, human threats such as internal misconduct and disregard for rules, and physical threats such as disasters and theft.

IT countermeasures	IT security measures with multi-layered protection (entrance, exit, and internal) Confirmation of behavior through logs
Human countermeasures	Compliance with rules by each employee Education and training Understanding warning signs at each workplace
Physical countermeasures	Access control and locking of offices, etc. Management of information devices such as PCs, USB memory sticks, paper and other recording media
Organizational countermeasures	Formulation of rules PDCA activities for rule compliance

Regarding employee training, we conduct regular global training using video content available in more than 30 languages and e-mail drills that simulate targeted attacks.

KPI

	FY2020	FY2021	FY2022
Global information security training	－	2 sessions	4 sessions
Global e-mail training	2 sessions	3 sessions	4 sessions