Risk Management

Basic Approach

It is important to always to anticipate the various risks that threaten business continuity, such as natural disasters, compliance, the availability of human resource, health and safety, and product quality, and to take the appropriate measures to address these risks. The Daifuku Group conducts regular risk assessments in accordance with the Risk Management Regulations to mitigate and minimize risks that may impact business operations and to strengthen the system for emergencies.

Promotion System

Daifuku established the Risk Management Committee in April 2022 for the purpose of managing significant risks that affect the achievement of the Group’s management goals. The committee is chaired by the CEO and includes global business heads (consisting of board directors and/or managing officers), the safety and health management division manager, and other division managers from corporate functions. The Sustainability Committee has been responsible for risk management. However, risks surrounding business and management environment are rapidly changing and uncertainty in business is growing. In response to the situation, the Group has established the independent committee that integrates group-wide risk management activities in order to build a stronger management system that supports swift decision-making and strong risk-taking. The Committee holds several general meetings annually, and reports significant risk management issues to the Board of Directors as appropriate.
The Group has established the Risk Management Committee to separately operate the system for normal time and that for emergencies. The Risk Management Committee promotes risk management actions in normal time, and controls risks before they become apparent. In the event of an emergency, the BCP promotion system is in place to respond to crises after risks have emerged. The BCP promotion system works with the Risk Management Committee to consider and prepare for crises starting from normal operations. When faced with a crisis such as a large-scale disaster, we will quickly establish a framework and take initial actions to prevent secondary disasters, placing the highest priority on human lives.
In addition, the Audit Division, which is tasked with establishing and operating an internal audit system, has been established under the direct control of the Board of Directors, and the Board of Directors receives regular reports from the Audit Division. One of its functions is to verify and evaluate the effectiveness of risk management and the maintenance and operation of internal control systems, and to facilitate their improvement. In the development and operation of the internal control system, the Company refers to a standard framework (COSO).

FY2022 promotion system

Risk Management Committee
BCP Promotion System

Major Initiatives

Risk assessment

Crucial risk factors that significantly affect the business activities of the Group are extracted, and those factors are mapped with two assessment axes of frequency and consequence to grasp and manage risks. The assessment covers all business divisions and subsidiaries inside and outside of Japan. In accordance with the results of the assessment, an external agency adjusts the measures through the survey in the Group and with their expert knowledge. The results in fiscal 2021 had a higher consequence in risks associated with changes in the business environment compared with the results of the fiscal 2019 assessment. This assessment reflected the COVID-19 pandemic, US-China trade friction, worldwide semiconductor shortage and other factors.

Overview of significant risks

Below is a list of major anticipated risks in the normal course of business operations. While we are taking measures to mitigate each of these risks, it is difficult to completely predict or address all of them.

1. Risks related to changes in business environment Impact
  • Decrease in capital investment due to economic fluctuations in the electronics sector, mainly semiconductor and flat-panel displays
  • Supply shortage of semiconductors and other parts, soaring energy and raw material prices, disrupted logistics networks and rising labor costs
  • Economic impacts of rising energy and food prices and supply chain disruption on consumption due to impact of Russia’s invasion of Ukraine
Measures
  • Paying close attention to trends in the electronics sector to flexibly reflect them in our business plans
  • Improving the accuracy of project management, including budgets and installation progress
  • Focusing on and minimizing the impact on business activities related to Russia and Ukraine
2. Risks related to compliance Impact
  • A significant increase in management targets due to rapid growth of the Group, emergence of risks due to stricter legal systems, etc.
Measures
  • Outside directors’ participation in the Compliance Committee
  • Internal audits conducted by the Audit Division that is independent from the business lines
  • Review of the whistle-blowing system
  • Having established the Legal and Compliance Division and developed regulations to prevent corruption, breaches of competition laws, etc.
  • Having established the Audit & Supervisory Board Office to assist the duties of Audit & Supervisory Board members and the Audit & Supervisory Board, to enhance the effectiveness of audits by Audit & Supervisory Board members
  • Having set the Risk Management and Governance Office (now Governance Promotion Department) to enhance governance of the entire Group
  • Having set the International Trade Management Department to develop the compliance management system for import and export transactions
  • Creating a Compliance Guidebook in multiple languages that explains the Group Code of Conduct, holding briefing sessions on the Code using the guidebook
3. Risks related to human resources Impact
  • Difficulty in acquiring and securing excellent personnel
Measures
  • Actively hiring and promoting women, foreign nationals, and mid-career professionals
  • Conducting an engagement survey that asks about motivation and comfort in workplaces of the Group employees
  • Building a training system intended to train successors (officers and executives) through clarifying key positions and identifying employee competencies (required behavior and attitude)
4. Risks from large-scale natural disasters Impact
  • Suspension of business activities due to the occurrence of large-scale natural disasters such as earthquake and tsunami
  • Supply chain disruption, including suspension of business partners’ operations
Measures
  • Formulation and regular review of business continuity plan and initial response procedures
  • Establishing a rapid recovery system and conducting regular drills for the purpose of initial response
  • Natural disaster hazard surveys at each site, expansion of stockpiles
5. Reputation risks Impact
  • Reputation risks (damage caused by rumors) by the spread of misinformation, wrong advertisement, or infelicities widely spread through social media
  • The Group’s brand image and social credibility decline, potential impact on operating results and financial condition
Measures
  • Conducting media training for officers and preparing guidelines
6. Risk of information leakage from cyberattacks Impact
  • Information leakage due to cyberattacks and accidents related to computer security
Measures
  • Strengthening Groupwide information security measures through the Information Security Committee chaired by the CEO
  • Identifying the possible scope of impact and damage from cyberattacks
  • Initial response to prevent the spread of damage
  • Conducting employee education and drills on a regular basis

Strengthening information security

Threats to "information," an important management resource, have become increasingly sophisticated, ingenious, and malicious in recent years. Moreover, privacy protection and data regulations, particularly centered on personal information, are being tightened globally, and the prevention of information leaks has become an important compliance issue. In light of these changes in the business environment, the Group conducted a major review of our information security-related regulations in April 2022. We will take measures against risks in accordance with the new regulations and guidelines to ensure the safe use of information assets in our business operations.

Promotion system

We formed an Information Security Committee in 2004 to maintain and improve information security across the Group. This Committee came under the direct control of the CEO in fiscal 2022. The Committee is chaired by the CEO and includes the Global Business Heads of each business unit and the presidents of subsidiaries, and is strengthening efforts under the leadership of the management team. Furthermore, in order to clarify roles and responsibilities in information management, we have appointed an information security promotion manager in each business unit, division, and subsidiary to deepen our efforts at the on-site level.

FY2022 promotion system
Committee chair President and CEO
Committee vice-chair DX Division Manager, Corporate Functions Deputy Head
Members Global Business Heads, Corporate Functions Head, Safety and Health Management Division Manager, officers in charge of subsidiaries, Presidents of Japanese subsidiaries, Presidents of subsidiaries outside of Japan

CSIRT

The mission of the CSIRT(Computer Security Incident Response Team)is to deal with information leaks stemming for example from cyber attacks and respond to any other computer security incidents. The CSIRT is centered on the Information Security Committee, enabling us to swiftly identify the possible scope of an accident and damage, put first-response measures in place, and investigate causes and means to prevent reoccurrence.

Accident reporting route

Threats to information and countermeasures

The Group is promoting specific initiatives in each of the following areas against technical threats such as unauthorized access and cyberattacks, human threats such as internal misconduct and disregard for rules, and physical threats such as disasters and theft.

IT countermeasures
  • IT security measures with multi-layered protection (entrance, exit, and internal)
  • Confirmation of behavior through logs
Human countermeasures
  • Compliance with rules by each employee
  • Education and training
  • Understanding warning signs at each workplace
Physical countermeasures
  • Access control and locking of offices, etc.
  • Management of information devices such as PCs, USB memory sticks, paper and other recording media
Organizational countermeasures
  • Rule formulating
  • PDCA activities for rule compliance

Global information security trainingKPI

We have conducted training sessions twice compared to the target of two sessions in fiscal 2021. Since fiscal 2021, we have adopted video content available in more than 30 languages as a training tool to enhance the appeal of the program and boost the educational value of the program by allowing viewers to watch the videos in their native languages.

FY2021
Number of training sessions 2 sessions

Global e-mail trainingKPI

We conducted the training three times, versus our target of three times in fiscal 2021. To promote further understanding, the key points to be identified and noted were displayed in the native language of those who clicked the link in the training e-mail and failed the training. Beginning in fiscal 2022, retraining will be offered to those who failed to pass the training in order to further improve their effectiveness.

FY2019 FY2020 FY2021
Number of training sessions 2 sessions 2 sessions 3 sessions

Business continuity plan

We have formulated a business continuity plan (BCP) to minimize damage to business assets and to enable business continuity and a rapid recovery in the event of a crisis such as a large-scale disaster, with human life as the top priority. In formulating our BCP, we followed the ISO 22301 international standard for its development and operation.
With the aim of enhancing the effectiveness of our BCP, we are conducting regular risk assessments at our business locations, introducing a safety confirmation system, implementing periodic exercises based on the initial response manual, and upgrading our disaster prevention supplies. Daifuku will, if necessary, establish an on-site disaster headquarters in the event of an earthquake with an intensity of 5 or higher (per the Japan Meteorological Agency Seismic Intensity Scale), a disaster requiring prolonged recovery efforts, or other events that have or are expected to have a significant impact on business operations.

Supplier Operations Verification System

  • *Clicking on an image brings up a new window.

To ensure stable procurement of parts and other supplies in the event of a disaster, we have introduced a Supplier Operation Verification System that enables rapid collection of information on damage to suppliers. Regular operational training is conducted with suppliers to boost operational proficiency, and in the event of an emergency, the system is used to confirm the viability of operations and the delivery date of parts.

Supplier Operations Verification System

Coexistence with local communities

We have concluded an agreement with the town of Hino in Shiga Prefecture to accept local residents for evacuation in the event of a disaster. As part of our BCP, we regularly conduct disaster drills and mock drills with our own firefighting team to prepare for large-scale disasters, and we are engaged in ongoing social initiatives to build good relationships with local communities and our larger society.

Countermeasures against COVID-19

Major risks caused by the COVID-19 pandemic include limited commute, transfer, or activities in the Group and customer companies, delay or suspension of business activities resulting from infected cases, delay or cancellation of capital investment by customers due to business recession, and decreased profitability due to production cutback.
In response to COVID-19, the Group has established the Novel Coronavirus Response Committee, with the CEO as its head. Each business division checks the situation of the infection and reports necessary information to the Board of Directors as appropriate. The Group has put the highest priority on the lives, health, and safety of its employees and their families, customers, and business partners; complied with guidelines issued by governments and administrative agencies inside and outside of Japan; and promoted working from home. These and other measures prevented significant troubles in the Group’s business activities.
However, the COVID-19 pandemic has not ended yet, and the Group recognizes that the scope of damage by those risks may expand.