Risk Management

Approach to Risk Management

Stance on Risk Management

As a Group that operates globally across a wide range of fields, Kawasaki regards the management of serious risks that could impede its business activities as important and conducts integrated risk management.
 Kawasaki's overall risk management system entails the integrated execution of business segment-level risk management and Group-wide risk management. Based on the Group's Risk Management Regulations, Kawasaki has established a Corporate Risk Management System and created manuals outlining specific risk management procedures. By comprehensively understanding potential risks based on shared Group standards, we work to avoid and minimize risks and loss caused by risks.
 With regard to the risks associated with the execution of individual businesses, the relevant divisions carry out assessments and analyses and sufficiently examine countermeasures in advance in accordance with Kawasaki’s Board of Directors Regulations, Management Meeting Regulations, Approval Regulations, and other related rules. The Company practices even more thorough risk management for major projects with significant impact on operations in accordance with such corporate regulations as the Major Project Risk Management Regulations. This includes management at the time of bidding and concluding agreements for such projects as well as regular follow-up by the Head Office, internal companies, and business divisions as needed after a project begins.

Kawasaki Group Policy on Risk Management

In line with its objective of achieving sustainable corporate growth and medium- to long-term improvement in its corporate value, the Kawasaki Group will put in place preemptive risk management measures against a variety of risks that could exert a significant impact on business operations while striving to ensure that, should such a risk materialize, the resulting damage is minimized. To this end, the Group established the Kawasaki Group Policy on Risk Management with the aim of acting as a company worthy of the trust of society.

Risk Management System

The Kawasaki Group has established a risk management system to ensure a uniform level of risk management across the Group. Through this system, we identify and respond to major risks with the potential for serious impact on operations and work to enhance risk management as outlined in the Kawasaki Group Management Principles.
 In order to appropriately handle diverse risks, Kawasaki designates internal committees and divisions as responsible for specific risk types to establish and operate management methods and systems. In addition, we have established a system for the centralized monitoring of the effectiveness and workability of such management systems, thereby managing risks both individually and comprehensively. Further, four times a year, the director in charge of risk management reports to the Board of Directors the information obtained by the Risk Management Department, an organization that is independent of operating divisions, through risk monitoring and analysis results of global risk trends surrounding the Company. After the Board of Directors selects the important risks that the Company should pay close attention to currently, those risks are reported to the Management Committee and reflected in the measures of the operating divisions.

Risk Management System

Information Security Management System

Responsible Officers
Director Responsible for Risk Management (CRO): Katsuya Yamamoto, Representative Director, Senior Corporate Executive Officer
Executive Officer Responsible for Risk Management: Takeshi Kaneko, General Manager of Corporate Planning Division and Executive Officer

Risk Management Training for Directors

Lectures on economic security and leadership in crisis management are conducted by experts approximately twice each year for members of the Board of Directors including Outside Directors.
 In light of developments in protecting both civilian and advanced technologies that have military applications, which have deep implications for our business owing to trends in economic security, the risk of covert maneuvering against our employees for purposes of using our business information fraudulently is rising. Accordingly, we have been holding related lectures with the goal of protecting our employees.

Risk Assessment

Risks Covered and Risk Assessment Methods

The Kawasaki Group defines risks as "factors or phenomena that hinder the execution of business operations or the achievement of organizational goals" and works to manage all risks classified as either external risks or internal risks (with the latter further classified as strategic risk or business risk), while giving due consideration to the positive effects associated with strategic and other risks.
 The Company's risk management process consists of a version of the COSO framework and ISO 31001, customized for the Company’s environment and circumstances.
 Risk monitoring activities are reported to the Board of Directors four times a year, and the Board selects and sets priority risks that the Company should pay close attention to currently, and based on the results, feedback is provided to the departments at risk. Further, for items judged to be high risk by the Board, we focus on risk monitoring activities called “checking the appropriateness of risk management activities.”

Risk Factors Currently Covered in the Scope of Risk Management

Types of risks
External Environment Government/Regulatory authorities Laws and regulations Internal Environment Business strategy Vision (strategies and policies)
Corporate governance, etc.
Financial institutions/Investors Raising capital Business functions Legal affairs (contracts and lawsuits)
Intellectual property, security, etc.
Market expectations Management and efficiency Project management
Finance and accounting, personnel management, etc.
Customers/Consumers/Competitor companies/New entrants Emergence of competitors, market changes
Technological innovation
Technological innovation Product development, etc.
Job seekers Securing human resources Product defects Quality management and quality assurance, etc.
Suppliers External procurement Production capacity Process control, etc.
Business partners Supply chain and logistics Governance and compliance Organizational fraud, harassment, internal control etc.
Nature/Social culture/Population Disasters, environmental pollution, SDGs, CSR, climate change, etc.

Risks That the Company Should Pay Close Attention to Currently

As a result of company-wide monitoring activities, the Kawasaki Group has determined the following risks that should currently be paid close attention to in the order of severity.

Information Security Management System

Notes: 1. The degree of severity is assessed based on the status of manifestation, timing of impact, impact on profit, and difficulty of taking action.

2: Set to “high” in cases where the period of impact until the impact manifests is short, and set to “low” when the period is long.

Risk Response Status

Risks to pay close attention to Risk awareness and status of responses
Quality assurance
→Quality management and quality assurance risks
  • We are sincerely reflecting on the serious incident involving a series N700 Shinkansen railcar bogie frame, and are committed to making efforts to maintain and improve quality through company-wide promotion of total quality management (TQM), development and design process reform dubbed the Kawasaki Design Process Transformation (K-DPX), and engaging in production improvement activities (KPS: Kawasaki Production System), in order to prevent any recurrence in our business.
→Governance and compliance risks
  • We take the inappropriate conduct that occurred at Kawasaki Thermal Engineering Co., Ltd. very seriously, and we are striving to further beef up compliance. Additionally, the Group as a whole strives to maintain and strengthen governance as violations that deviate from international norms and ethics related to human rights, bribery, competition law, export control, and taxation among other things, lead to a decline in social trust, restrictions on business activities, and an increase in costs related to countermeasures.
Strengthening contract management
→Contract risks
  • For important projects that have a significant impact on business, we are striving to improve business profitability and increase profits by ensuring contract management (such as legal aspects), based on reflections on major losses incurred in the past.
Geopolitics (economic security)
→Geopolitical risks
  • Due to the spread of COVID-19 and Russia's invasion of Ukraine, the impact on the Company's business from climate change, the rise in the cost of materials (including the sharp rise in costs for primary commodities), distribution difficulties, energy issues, and food problems is becoming materializing in conjunction with changes in the global environment and international conditions. We are making efforts to deal with risks from a long-term perspective as a matter of economic security, and we will work to strengthen business continuity.
Strengthening and maintaining appropriate levels of cyber security
→Cyber security risks
  • Cyberattacks are always a high risk in our field of business, and in conjunction with the spread of the digital society, attacks that affect not only intellectual property fraud but all business activities such as supply chain disruptions and our digital infrastructure (DX business infrastructure including after-sales services and remote operations) are rapidly evolving. Hence, we are committed to continued adoption of protective measures and securing our business activities.
Securing and developing human resources
→Risk of shortage of human resources and personnel
  • We recognize that to achieve the Group Vision 2030, it will be necessary to change workstyles and increase employees who play essential roles related to digital transformation and so forth. To do this, will strongly encourage the reskilling of employees and promote diversity and inclusion in our human resources (promote women's advancement, promote the hiring of employees globally and of mid-career professionals) with the goal of strengthening our human capital.
  • In addition, we foster a culture of taking on challenges and will operate a personnel system that enables employees to actively take advantage of opportunities to take on challenges.
Addressing carbon neutrality
Global Risks
→Climate change countermeasures
→Abnormal climate conditions
  • By developing the hydrogen business and decarbonizing products and business activities, we will actively work toward the development of a carbon neutral society, a global social issue.

Emerging Risks

Emerging risks that may have an impact in the medium to long term (in three to five years) and are of serious importance are as follows.

Risks related to developing low-carbon and decarbonized products
Overview of Risk Many of the Kawasaki Group’s products use fossil fuels, and the net sales of three businesses—the Energy Solution & Marine Engineering Company (manufacture of power-generation facilities, various industrial plants, ships, etc.), Aerospace Systems Company (manufacture of aircraft, etc.), and Kawasaki Motors, Ltd. (manufacture of motorcycles, four-wheel utility vehicles, etc.)—account for 73% of our consolidated sales (fiscal 2022). In addition, nearly 90% of CO2 emissions from the lifecycle of our Group’s products (from procurement of raw materials to disposal) are generated in the use of Scope 3 Category 11 products.
 Under the Paris Agreement, the world's major emitting countries including Japan set a goal of achieving carbon neutrality by 2050. Accordingly, it is expected there will be changes to the external environment, including major changes to the energy composition, tightened regulations on CO2 emissions such as the introduction of carbon taxes, a surge in raw material prices, and greater customer demand for improvements to product performance.
 Furthermore, we believe that there will be a serious impact on our Group's performance if we are unable to launch as planned the products and solutions that will contribute to lowering carbon and decarbonization that the Group is researching and developing, or if products are launched by our competitors that have a competitive advantage.
Potential Impact Demand for products that contribute to lowering carbon and decarbonization is forecast for Europe, North America, Japan, and elsewhere. The majority of our Group's customers are located in Europe, North America, and Japan. They account for 77% of net sales (fiscal 2022). Accordingly, in the event that future climate change risks become actualized, current products and solutions may lose their competitive advantage, it could have a significant impact on business plans, and that impact may be prolonged.
Mitigation Measures We are moving forward on the transition to products that use cleaner power sources, such as by switching to electric power for products and by developing products that use hydrogen as a power source. Specifically, in addition to our intentions to launch two types of electric motorcycle in 2023, we also plan to launch a hybrid motorcycle in 2024. Furthermore, we are engaged in developing internal combustion engines that can handle a variety of fuels and contribute to carbon neutrality, such as our aim to put into practical use hydrogen engine motorcycles by the first half of the 2030s.
 Additionally, we are developing products that will be able to handle the next generation of fuels, such as introducing power generation equipment that allows for mixed hydrogen or exclusive hydrogen firing, and developing hydrogen aircraft.
Cyber security risks
Overview of Risk Recently, cyberattacks over the internet have been growing more sophisticated, even taking place on a global scale. Generally speaking, there have been cyberattacks against companies through malware such as computer viruses, and there is a rise in such risks as “serious information leaks occurring,” “ransomware attacks that cause systems to go down and make it difficult for business activities to continue,” and “damages that arise from business email fraud.” In addition, there are risks that cannot be ignored from cyberattacks somewhere in the supply chain whose impact on parts procurement and subcontracted processes affects this Group's business.
 In the office, while workstyle reforms have led remote work to take root and employees can select from a variety of working styles, the risk of being infected by malware is also on the rise from using company-supplied PCs in environments outside the company.
 In plants and other production sites, creating smart factories through the use of digital technologies is on the rise, leading to significant improvements in productivity and convenience. However, with that risks that could have a major impact on business activities are rising, such as cyberattacks that lead to interruptions in production activities and stoppages. Among these, with the digital transformation of plants being promoted at the Kawasaki Group and elsewhere, work to visualize plant operations through the use of telecommunications networks and digital technologies is moving forward. As a result, the risk of being damaged by cyberattacks is increasing.
Potential Impact In the event of a cyberattack, there is the possibility that not only our confidential information but also that of our customers and business partners will be leaked. In particular, because Kawasaki Group manufactures products that are related to public infrastructure and defense equipment, we believe that taking cyber security measures is extremely important.
 In addition, while we are encouraging digital transformation with the goal of having plans that are connected throughout the value chain, in the event that there is damage due to a cyberattack somewhere in the supply chain, there is the possibility that it will have an impact on operations not just in the Kawasaki Group but also throughout the entire supply chain.
Mitigation Measures We have developed a global security policy conforming with the National Institute of Standards and Technology (NIST) cyber security framework, and have established all regulations relating to information security aligned with this policy as part of our measures to deal with cyber security risks.
 We are steadily building a technical defense mechanism conforming with the NIST cyber security framework and a defense system that operates 24 hours a day and all year round. We are also steadily promoting education and awareness raising among employees with regard to these policies, regulations, and technical defense mechanisms.
 In addition, we are implementing countermeasures for issues as they come to light following analyses of the current situations at respective production sites. Kawasaki has completed a campaign to alert our major suppliers on cyber security measures for the supply chain through procurement departments and has published information security guidelines for suppliers.

Risk Culture

Risk Management Training and Awareness Building

Kawasaki explains the importance of risk management in its grade-specific training programs for employees. In addition, our commitment to improving our enterprise value based on the guiding principles of “selective focusing of resources,” “emphasis on quality over quantity,” and “risk management” is clearly stated in the Kawasaki Group Management Principles, part of the Kawasaki Group Mission Statement. We also post the Mission Statement at work areas and distribute Mission Statement cards to employees to build awareness of these principles.

Checking and Reporting of Potential Risks

We have established and are operating the Compliance Reporting and Consultation System for the domestic Kawasaki Group to identify any potential risks that may exist at the employee level.

Crisis Management

The Kawasaki Group's Risk Management Regulations contain crisis management provisions set out in readiness for the emergence of a risk. These regulations set forth behavioral guidelines and response systems that serve to protect lives and preserve assets, minimize damage and loss, and expedite the resumption of business activities in the event of unplanned interruption.

Basic Policy

Paragraph 3 of the basic policy of the Group’s Risk Management Regulations lays out the Kawasaki Group's policy for responding to crises.
 In addition to, of course, putting human lives first, the policy also clearly lays out the Company's priority of fulfilling its social responsibility as a company involved in infrastructure-related industries. Specifically, in the event of a major earthquake, we will help operate equipment used for disaster relief (such as aircraft and ships), work to quickly restore and maintain the operation of infrastructure (such as rolling stock, power generation facilities, and waste processing facilities), and support our customers and suppliers.

Crisis Management System (at Times of Crisis and Non-Crisis)

In readiness for risks, including large-scale disasters, we maintain a Group-wide horizontally integrated Crisis Management Organization at all times.
 The president is the Group’s Chief Crisis Management Officer, while the head of each operating site or organizational unit acts as its crisis management officer. Crisis management offices are set up under the crisis management officers to assist them and are charged with the practical work of putting in place and maintaining a first response system in normal times for mobilization in the event of an emergency. Meanwhile, the heads of the various Head Office divisions and other staff members whom they designate form an expert support team for the crisis management offices.

In Times of Disaster or Accident

The crisis management system sets out in advance emergency reporting lines and organizations charged with responding when emergencies occur. Complementary to the emergency reporting lines, we have set up contact networks covering each internal company, business division, and operating site to ensure quick internal reporting and information promulgation.

Crisis Management System in Times of Disaster or Accident (Reporting Lines)

Information Security Management System

Emergency Communication System

The Kawasaki Group has introduced an emergency communication system for the entire domestic Group to rapidly confirm the safety of employees when a disaster occurs. Tests are conducted every year to ensure that employees are familiar with the system and know how to use it.

Business Continuity Plans

A business continuity plan (BCP) is itself a management strategy. In addition to typical measures related to response immediately after a disaster, such as setting up disaster-prevention supplies and running evacuation drills, a BCP requires consideration of measures to continue business operations with minimal interruption and fulfill the corporate mission.
 Based on the basic policy of the Risk Management, the Kawasaki Group has formulated BCPs for major earthquakes, pandemics, and other disasters.

Business Continuity Plan Review

The lessons learned in the Great Hanshin Earthquake, which hit the Kobe area in January 1995, formed the basis of the Group’s disaster-prevention measures. In light of the Great East Japan Earthquake of March 2011, the Group significantly revised its BCP for large-scale earthquakes. In response to the COVID-19 pandemic in 2020, we have revised our pandemic response BCP to include, for example, remote working and other new workstyles. Furthermore, we regularly implement drills and use the results to revise BCPs on an ongoing basis.

  1. Basic Policy
    Based on basic policy, determine course of action to be taken by the Kawasaki Group in the event of natural disasters.
  2. Head Office and Internal Company Priorities
    With the basic policy in mind, designate functions to be maintained at the Head Office, internal companies and business divisions even in the event of disaster. We have identified priorities for the Head Office, internal companies and business divisions in line with our basic policy and have designated certain functions that must be maintained even in the event of disaster with due consideration given to the different business content of each internal company and business divisions and the features inherent in products and services.
  3. Response in Times of Disaster and Preparation during Normal Times
    Consider responses appropriate in the wake of disaster and prepare for the eventuality of such events during normal times.
     Many disaster scenarios indicate the possibility of a massive earthquake centered directly under Tokyo as well as a cascade-like triple megaquake event along the Tokai–Tonankai–Nankai segment of the Pacific Ocean coastline. Bearing these potential events in mind, we considered the responses necessary should such catastrophes occur and activities that could be undertaken during normal times to prepare for such eventualities. We formulated a plan that designates specific divisions with specific tasks, and outlined preparations necessary to achieve the desired objectives. Preparations are moving ahead in line with this plan.
  4. Drills and Revisions
    Run drills regularly and revise BCP content based on the results.
    We are constantly running BCP drills and revising BCP content based on how the drills were performed.

Details of Business Continuity Plan Review

Against a backdrop of growing uncertainty regarding the future of the global economic, including the risks of pandemic, conflict, resources, new energy, and environmental issues, in light of the Japanese government and external demands, we are working to expand the scope of activities and strengthen education and training to establish a BCP that can respond to any crisis that occurs in the future, rather than focusing on earthquake and pandemic crises.

Strengthen BCP Education and Training

Information Security Management System

Expand Scope of Action

Information Security Management System


If you need more information about our business,
please feel free to contact us.