The Komatsu Group recognizes all uncertainties that could threaten the Group's sustainable growth as major risks, particularly compliance issues, environmental issues, product quality concerns, hazardous accidents, information security problems and elimination of anti-social forces. The company has adopted the following measures to counter these risks.
Risk Management Structure
We are developing risk reporting lines, preparing related manuals and making other efforts to further improve the risk management system of the entire Group, including overseas subsidiaries. In connection with a business continuity plan (BCP), each office in Japan carries out initial response training to raise the level of risk management and response to disasters. We are also strengthening the emergency communication functions of the entire Group by developing tools such as the safety confirmation system and broad-area wireless devices, and conducting periodical training programs for the reporting of safety and telecommunications.
Komatsu has established a BCP to promptly check the safety of its employees and their families and to continue or quickly restore important operations when a disaster or accident strikes. The head office building and factories conduct periodical training to facilitate appropriate actions taken in an actual disaster by role-playing the occurrence of a large earthquake. In addition, the factories increase the seismic capacity of their buildings and facilities and take measures against torrential rains based on their respective plans.
BCP training at Oyama Plant
BCP training at Awazu Plant
As a part of its risk management activities, Komatsu has been conducting compliance and risk audits (CR audits) since FY2008. These cover areas are not included in the J-SOX audits, which are conducted in accordance with the Financial Instruments and Exchange Act of Japan to evaluate internal controls related to financial reporting and identify potential compliance risks within the company, with a particular focus on confirming and evaluating the status of legal compliance. Our internal specialist team conducts the internal audits at Komatsu and its Japanese/overseas affiliates, as well as independently-owned distributors and Midori-kai member companies.
The audited items are: 1. Field instructor ;2. Safety; 3. Environment; 4. Labor; 5. Finance and Treasury; 6. Audit of sales office base business operation;7. Quality Assurance and Recall; 8. Vehicle Inspections and Specific Voluntary Inspections (inspections done on construction equipment, similar to car inspections); 9. Export Control; 10. Information Security; 11. the Anti-monopoly Act; 12. the Subcontract Act; and 13. Overseas Representative Offices.
Through these audits, we strive to raise the control and compliance awareness levels at each company and in every department. Going forward, we would like to improve our case-by-case audit method and raise the operational level of CR audits as a part of risk management functions.
Komatsu is developing an information security structure for the entire Group, placing the Information Security Committee at its center. As part of this structure, we distribute an Information Security Guidebook to all employees, based on which we provide education and awareness-raising activities, with the belief that raising the awareness of individual employees is essential for information security. We provide employees of the Group companies who use PCs with basic education on information security through e-learning and training for responding to targeted attack e-mails that uses fraudulent messages.
Additionally, we provide our executives with separate e-learning sessions to raise the Group companies’ awareness of security measures. Moreover, we develop a system defense structure to protect information from being falsified, destroyed, leaked, lost, etc. due to negligence or outside intrusion. We also conduct information security audits to ensure that these measures are working effectively and to detect and address any problems.
Komatsu signed the United Nations Global Compact in 2008. In an effort to apply its major principles for protecting human rights, Komatsu utilized the help of external experts (BSR, or Business for Social Responsibility) to conduct a human rights risk assessment for all of its construction/mining equipment and forestry machinery businesses worldwide in 2014 and once again in 2017, taking guidance from the Universal Declaration of Human Rights and the U.N. Guiding Principles on Business and Human Rights.
The human rights risk might not be removed depending on the business, area and contractors, so we will respond flexibly as needed.
In response to the "Modern Slavery Act 2015" (a law preventing the system of slavery in the current era) being enacted by the UK in October 2015, Komatsu UK Ltd. revised its “Slavery and Human Trafficking Statement for the Financial Year 2015.” disclosed on the web site.Recognizing the possibility of the risk of human rights violation occurring in Komatsu's business operations and its supply chains, this statement reports how such an issue will be properly managed.
|Content of Training||Business Site|
|Earthquake initial response training
Communication training with Broad-area Wireless Devices
Major business sites in Japan
All Group companies in Japan
|Name of Course||Target|
|New Employee Training||
New employees (both new graduates and experienced hires)
|e-learning Information Security (Basic Course)||
All employees who use PCs at work
|e-learning Information Security (Management Course)||
All managers (line managers such as GMs and section mangers)
|Training for responding to targeted attack e-mails||
All employees who use PCs to perform duties