025 gloria blue nega

Theme 3 : Growing with Society

Risk Management

Risk Management

Risk Management

The Komatsu Group recognizes all uncertainties that could threaten the Group's sustainable growth to be major risks, particularly compliance issues, environmental issues, product quality concerns, hazardous accidents, information security problems and anti-social forces. The company has adopted the following measures to counter these risks.

Basic Principles and Structure for Risk Management

  • In addition to the basic policy for risk management to ensure business continuity and stable development, Komatsu has established Risk Management Rules to correctly recognize and manage risks.
  • Komatsu has established a Risk Management Committee to devise relevant policies for the entire Group, review the risk management system, and evaluate and improve upon response measures in place for each risk, as well as to take control of risks when they arise. The committee regularly reports on its deliberations and activities to the board of directors.
  • Komatsu will establish an emergency headquarters when serious risks occur and implement appropriate measures to minimize damage.
  • We are developing risk reporting lines, preparing related manuals and making other efforts to further improve the risk management system of the entire Group, including overseas subsidiaries.
  • We have reflected climate change risks in this system for management.

Risk Management Structure

Risk Management Structure

Specific initiatives

Establishing a business continuity plan (BCP) and providing training

Komatsu has established a BCP to continue or quickly restore important operations. We implemented initial response training at each base in Japan to improve their risk management level and their ability to respond to disasters. We have introduced the safety check system to promptly check the safety of employees and their families when a disaster or accident occurs as well as wide-area wireless devices and other tools at each base of the group. Through regular safety reporting and communication training, we are enhancing the emergency communication capabilities of the entire group. Each base in Japan also conducts regular training to ensure that appropriate actions are taken during a disaster by role-playing the occurrence of a large earthquake.
Furthermore, considering the recent frequent occurrence of large natural disasters, each of our bases is seismically reinforcing buildings and facilities and enhancing countermeasures against concentrated heavy rains based on their own plans. We are focused on not only strengthening the BCP of each base of the Komatsu Group but also strengthening the supply chain system through our support of our business partners as they establish and improve their BCPs. Komatsu will continue to promote and enhance our Group-wide BCP initiatives.

BCP training

BCP training at Osaka Plant
BCP training at Osaka Plant
BCP training at Osaka Plant
BCP training at GIGAPHOTON

Response to the COVID-19 coronavirus

With the safety and health of our customers, partner companies, people in local communities, and our employees and their families set as our priority, the Komatsu Group is striving to prevent the spread of the COVID-19 coronavirus based on the government policies in each country.
To fulfill our responsibilities to customers involved in businesses that support social infrastructure (essential businesses), we have continued to supply products, parts, and services to our customers while thoroughly taking measures to prevent infection.
In the middle ofd March, we determined that we had entered the Infection and Pandemic phase, a management item in the Basic Manual for Risk Management, and set up an Emergency Task Force with our president as its Chairperson. Since the state of emergency was declared in Japan in April, we have carried out remote meetings almost every day including the president, internal directors, and the heads of functions to share the latest information about the situation at the global level and determine the correct actions to take. In addition, the president also regularly reported this information and these actions to the board of directors.
We have posted news releases on our website to keep all stakeholders updated on the status of our global production activities, etc. as needed, striving to ensure that information is delivered promptly to all stakeholders.

Risk Management Structure

Conducting Compliance and Risk Audits

As a part of its risk management activities, Komatsu has been conducting compliance and risk audits (CR audits) since FY2008. These covered areas are not included in J-SOX audits, which are conducted in accordance with the Financial Instruments and Exchange Act of Japan to evaluate the internal controls related to financial reporting, and identify potential compliance risks within the company, with a particular focus on confirming and evaluating the status of legal compliance. Our internal specialist team conducts the internal audits at Komatsu and its Japanese/overseas affiliates, as well as at independently owned distributors and business partners. Through these audits, we strive to raise control and compliance awareness levels at each company and in every department. We are improving our audit method according to changes in the business environment and raising the operational level of CR audits as a part of our risk management functions.
The audited items are:
1. Safety, 2. Environment, 3. Labor, 4. Finance and Treasury, 5. Quality Assurance and Recall, 6. Vehicle Inspections and Specific Voluntary Inspections (inspections required by law), 7.Export Control, 8. Information Security, 9. the Anti-monopoly Act, 10. the Subcontract Act
In addition, as CR audits that cover areas across the above items, we implement field instructor audits (Safety, Environment) and audits of sales office bases (Finance and Treasury, Labor, Information Security), which are implemented at each distributor base, as well as audits of overseas representative offices (Finance and Treasury, Labor, Information Security), which are implemented for overseas offices.

Strengthening Information Security

Komatsu is developing an information security structure for the entire Group, placing the Information Security Committee at its center. As part of this structure, we distribute an Information Security Guidebook to all employees, based on which we provide education and awareness-raising activities, with the belief that raising the awareness of individual employees is essential for information security. We provide employees of the Group companies who use PCs with basic education on information security through e-learning and training for responding to targeted attack e-mails that uses fraudulent messages. Additionally, we provide our executives with e-learning to raise Group companies’ awareness of security measures.

Moreover, we develop a system defense structure to protect information from being falsified, destroyed, leaked, lost, etc. due to negligence or outside intrusion. We also conduct information security audits to ensure that these measures are working effectively and to detect and address any problems.

DATA

Record of BCP Training

Content of Training Business Site
Earthquake initial response training
BCP training
Communication training with Broad-area Wireless Devices

Major business sites in Japan

Safety Reporting

All Group companies in Japan

Implementation of Compliance and Risk Audits

Implementation of Compliance and Risk Audits

Employee Education (Information Security)

Name of Course Target
New Employee Training

New employees (both new graduates and experienced hires)

e-learning Information Security (Basic Course)

All employees who use PCs at work

e-learning Information Security (Management Course)

All managers (line managers such as GMs and section mangers)

Training for responding to targeted attack e-mails

All employees who use PCs to perform duties

komatsu csr