
Theme 3: Growing with Society

Risk Management

The Komatsu Group recognizes all uncertainties that could threaten the Group's sustainable growth as major risks, particularly compliance issues, environmental issues, product quality concerns, hazardous accidents, information security problems and elimination of anti-social forces. The company has adopted the following measures to counter these risks.

Basic Principles and Structure for Risk Management

Risk Management Structure

  • In addition to the basic policy for risk management to ensure business continuity and stable development, Komatsu has established Risk Management Rules to correctly recognize and manage risks.
  • Komatsu has established a Risk Management Committee to devise relevant policies for the entire Group, review the risk management system, and evaluate and improve upon response measures in place for each risk, as well as to take control of risks when they arise. The committee regularly reports on its deliberations and activities to the board of directors.
  • Komatsu will establish an emergency headquarters when serious risks occur and implement appropriate measures to minimize damage.

Specific initiatives

Improvement of risk management system including the Group companies

We are developing risk reporting lines, preparing related manuals and making other efforts to further improve the risk management system of the entire Group, including overseas subsidiaries. In connection with a business continuity plan (BCP), each office in Japan carries out initial response training to raise the level of risk management and response to disasters. We are also strengthening the emergency communication functions of the entire Group by developing tools such as the safety confirmation system and broad-area wireless devices, and by conducting periodic training in safety reporting and telecommunications.

Establishing a business continuity plan (BCP) and providing training

Komatsu has established a BCP to promptly check the safety of its employees and their families and to continue or quickly restore important operations when a disaster or accident strikes. The head office building and factories conduct periodic training that role-plays the occurrence of a large earthquake, so that appropriate actions are taken in an actual disaster. In addition, the factories are increasing the seismic capacity of their buildings and facilities and taking measures against torrential rains based on their respective plans.

BCP training at Oyama Plant

BCP training at Awazu Plant

Conducting Compliance and Risk Audits

As a part of its risk management activities, Komatsu has been conducting compliance and risk audits (CR audits) since FY2008. These cover areas that are not included in the J-SOX audits, which are conducted in accordance with the Financial Instruments and Exchange Act of Japan to evaluate internal controls related to financial reporting and identify potential compliance risks within the company, with a particular focus on confirming and evaluating the status of legal compliance. Our internal specialist team conducts the internal audits at Komatsu and its Japanese/overseas affiliates, as well as independently owned distributors and Midori-kai member companies.

The audited items are: 1. Field instructor; 2. Safety; 3. Environment; 4. Labor; 5. Finance and Treasury; 6. Audit of sales office base business operation; 7. Quality Assurance and Recall; 8. Vehicle Inspections and Specific Voluntary Inspections (inspections done on construction equipment, similar to car inspections); 9. Export Control; 10. Information Security; 11. the Anti-monopoly Act; 12. the Subcontract Act; and 13. Overseas Representative Offices.

Through these audits, we strive to raise the control and compliance awareness levels at each company and in every department. Going forward, we would like to improve our case-by-case audit method and raise the operational level of CR audits as a part of risk management functions.

Strengthening Information Security

Komatsu is developing an information security structure for the entire Group, placing the Information Security Committee at its center. As part of this structure, we distribute an Information Security Guidebook to all employees, based on which we provide education and awareness-raising activities, with the belief that raising the awareness of individual employees is essential for information security. We provide employees of the Group companies who use PCs with basic education on information security through e-learning, and with training for responding to targeted attack e-mails that use fraudulent messages.

Additionally, we provide our executives with separate e-learning sessions to raise the Group companies’ awareness of security measures. Moreover, we develop a system defense structure to protect information from being falsified, destroyed, leaked, lost, etc. due to negligence or outside intrusion. We also conduct information security audits to ensure that these measures are working effectively and to detect and address any problems.

Human Rights Management Issues

Komatsu signed the United Nations Global Compact in 2008. In an effort to apply its major principles for protecting human rights, Komatsu utilized the help of external experts (BSR, or Business for Social Responsibility) to conduct a human rights risk assessment for all of its construction/mining equipment and forestry machinery businesses worldwide in 2014 and once again in 2017, taking guidance from the Universal Declaration of Human Rights and the U.N. Guiding Principles on Business and Human Rights.

Depending on the business, area and contractors, human rights risks may not be eliminated, so we will respond flexibly as needed.

Responding to the Modern Slavery Act (UK)

In response to the "Modern Slavery Act 2015" (a law to prevent slavery in the modern era) being enacted by the UK in October 2015, Komatsu UK Ltd. revised its “Slavery and Human Trafficking Statement for the Financial Year 2015,” which is disclosed on the web site. Recognizing the possibility that human rights violations may occur in Komatsu's business operations and its supply chains, this statement reports how such an issue will be properly managed.

DATA

Record of BCP Training

Content of Training | Business Site
Earthquake initial response training; BCP training; Communication training with Broad-area Wireless Devices | Major business sites in Japan
Safety Reporting | All Group companies in Japan

Implementation of Compliance and Risk Audits

Employee Education (Information Security)

Name of Course | Target
New Employee Training | New employees (both new graduates and experienced hires)
e-learning Information Security (Basic Course) | All employees who use PCs at work
e-learning Information Security (Management Course) | All managers (line managers such as GMs and section managers)
Training for responding to targeted attack e-mails | All employees who use PCs to perform duties
