The Komatsu Group recognizes all uncertainties that could threaten the Group's sustained growth as risks, particularly compliance issues, environmental issues, product quality concerns, accidents, information security problems, and elimination of anti-social forces. The company has adopted the following measures to counter these risks.
Basic Principles and Structure for Risk Management
Risk Management Structure
- In addition to the basic policy for risk management to ensure business continuity and stable development, Komatsu has established Risk Management Rules to correctly recognize and manage risks.
- Komatsu has established a Risk Management Committee to devise relevant policies for the entire Group, review the risk management system, and evaluate and improve upon response measures in place for each risk, as well as to take control of risks when they arise. The committee regularly reports on its deliberations and activities to the board of directors.
- Komatsu will establish an emergency headquarters when serious risks occur and implement appropriate measures to minimize damage.
Systems and Status in FY2016
Implementing a Business Continuity Plan for Komatsu
In order to quickly confirm the safety of employees and their families in the event of an accident or disaster, and to be able to continue or quickly restart important business operations, Komatsu has formulated a business continuity plan (BCP). In addition, at our head office buildings and all production plants, we assume the possible occurrence of earthquakes and conduct regular training so that in the event of a disaster everyone will be able to act quickly and appropriately. Furthermore, at our production plants, we are working on seismic strengthening for buildings and equipment, as well as reinforcement against damage from torrential rains, according to the production plant's plans. Also, in case of an outbreak or epidemic of a new type of influenza, we will establish a special committee and take appropriate measures. For our employees we have compiled a manual with information regarding preventative measures and what actions to take in case of infection, and we also provide training sessions to promote a thorough understanding of these measures.
Koriyama Plant BCP Training
Kanazawa Plant BCP Training
Promoting Risk Management throughout the Group
To reinforce the risk management structure across the Group, including overseas subsidiaries, Komatsu is establishing channels for risk reporting, creating a risk management manual, etc. Also Komatsu is conducting BCP initial response training at the sales and service bases in Japan to raise the level of risk management and response to disasters. Additionally, Komatsu is strengthening its Group-wide system for contacting employees during an emergency by introducing safety confirmation systems, broad-area wireless devices, and conducting regular training for safety reporting and communication.
Conducting Compliance and Risk Audits
As a part of its risk management activities, Komatsu has been conducting compliance and risk audits (CR audits) since FY2008. These cover areas not included in the J-SOX audits, which are conducted in accordance with the Financial Instruments and Exchange Act of Japan to evaluate internal controls related to financial reporting and identify potential compliance risks within the company, with a particular focus on confirming and evaluating the status of legal compliance. Our internal specialist team conducts the internal audits at Komatsu and its Japanese/overseas affiliates, as well as independently-owned distributors and Midori-kai member companies.
The audited items are: 1. Safety; 2. Environment; 3. Labor; 4. Finance and Treasury; 5. Quality Assurance and Recall; 6. Vehicle Inspections and Specific Voluntary Inspections (inspections done on construction equipment, similar to vehicle inspections); 7. Export Control; 8. Information Security; and 9. Anti-monopoly Act.
Through these audits, we strive to raise the control and compliance awareness levels at each company and in every department. Going forward, we would like to improve our case-by-case audit method and raise the operational level of CR audits as a part of risk management functions.
Strengthening Information Security
Komatsu is developing an information security structure for the entire Group, placing the Information Security Committee at its center. As one sphere of this structure, the company distributes an Information Security Guidebook to all employees. In conjunction with this, it provides education and awareness-raising activities based on the Guidebook, with the belief that raising individual employee consciousness of information security is essential. The company is developing a structure to protect information from being falsified, leaked or lost, even in cases of negligence or outside intrusion. In addition, it is conducting information security audits to ensure that these measures are working effectively and to detect and address any problems.
Human Right Management Issues
Komatsu signed the United Nations Global Compact in 2008. In an effort to apply its major principles for protecting human rights, Komatsu with the help of external experts conducted a human rights risk assessment for all of its construction/mining equipment and forestry machinery businesses worldwide in 2014, referring to the Universal Declaration of Human Rights and the U.N. Guiding Principles on Business and Human Rights.
The results showed that the degree of urgency for problems occurring is low, while the degree of effect if a problem does occur is moderate. They also pointed to the need for Komatsu to move beyond its current assessment efforts toward evaluating the activities of partner companies, such as parts suppliers and our network of distributors that provide products and services to our customers. In light of the results, we intend to continue implementing the necessary measures.
Corresponding to the Modern Slavery Act (UK)
In response to the “Modern Slavery Act 2015”, a law preventing the system of slavery in the current era, being enacted by UK in October 2015, Komatsu UK Ltd. disclosed its “Slavery and Human Trafficking Statement for the Financial Year 2015.” Recognizing the possibility of the risk of human rights violation occurring in Komatsu’s business operations and its supply chains, this statement reports how such an issue will be properly managed.
Record of BCP Training
|Content of Training||Business Site|
|Communication training with Broad-area Wireless Devices
(Communication training between contiguous business sites, communication training to the head office)
Major business sites in Japan
All group companies in Japan
|Earthquake Initial Response, BCP Training||
Head office, KOMATSU Way Global Institute, Awazu Plant, Kanazawa Plant, Osaka Plant, Ibaraki Plant, Shonan Plant, Oyama Plant, Koriyama Plant, Tochigi Plant, KELK, Gigaphoton, Komatsu NTC, Komatsu Safety Training Center, Aichi Office (Nagoya), Hiroshima Office (Hiroshima)
Implementation of Compliance and Risk Audits
Employee Education (Information Security)
|Name of Course||Target|
|New Employee Training||
New hires (both new graduates and experienced hires)
|e-learning Information Security (Basic Course)||
All employees who use PCs at work
|e-learning Information Security (Management Course)||
All managers (line managers such as GMs and section mangers)