Risk Management
Approach to Risk Management
Stance on Risk Management
As a Group that operates globally across a wide range of fields, Kawasaki regards the management of serious risks that could impede its business activities as important. Kawasaki's overall risk management system entails the integrated execution of business segment-level risk management and Group-wide risk management. Based on the Group's Risk Management Regulations, Kawasaki has established a Group-wide enterprise risk management framework and created manuals outlining specific risk management procedures. By comprehensively understanding potential risks based on shared Group standards, we work to avoid and minimize risks and loss caused by risks. With regard to the risks associated with the execution of individual businesses, the relevant divisions carry out assessments and analyses and sufficiently examine countermeasures in advance in accordance with Kawasaki’s Board of Directors Regulations, Management Meeting Regulations, Approval Regulations, and other related rules. The Company practices even more thorough risk management for major projects with significant impact on operations in accordance with such corporate regulations as the Major Project Risk Management Regulations. This includes management at the time of bidding and concluding agreements for such projects as well as regular follow-up by the Head Office and business segments as needed after a project begins.
Kawasaki Group Policy on Risk Management
In line with its objective of achieving sustainable corporate growth and medium- to long-term improvement in its corporate value, the Kawasaki Group will put in place preemptive risk management measures against a variety of risks that could exert a significant impact on business operations while striving to ensure that, should such a risk materialize, the resulting damage is minimized. To this end, the Group established the Kawasaki Group Policy on Risk Management with the aim of acting as a company worthy of the trust of society.
Risk Management System
The Kawasaki Group has established a Group-wide enterprise risk management (ERM) framework to render any risks more transparent and to ensure that they are effectively addressed. Through this system, we identify and respond to major risks with the potential for serious impact on operations and work to enhance risk management as outlined in the Kawasaki Group Management Principles. In order to appropriately handle diverse risks, Kawasaki has established the owners of risk (Company-wide/functional internal committees and internal divisions of each business segment) as our first line of defense, depending on the type of risk. While streamlining and implementing management methodology and management systems, we have devised a system for the centralized monitoring of the effectiveness and workability of such management systems, thereby managing risks both individually and comprehensively. In addition, we have also set up a second line of defense in the form of the Risk Management Department, an organization that stands independent of Company-wide/functional internal committees and business segments that are responsible for the first line of defense. The Risk Management Department compiles analysis reports on our risk management status and global risk trends surrounding the Company through risk monitoring, and the director responsible for risk management reports this information to the Board of Directors four times annually. After the Board of Directors deliberates and selects the important risks that the Company should pay close attention to currently, those risks are reported to the Management Committee and reflected in the measures of the operating divisions. In order to deliberate and promptly address any rapidly emerging risk from the recent geopolitical issues as well as climate, governmental, and economic instability, Board of Director meetings are held on an as-needed basis. The Auditing Department, which is independent from the first and second lines of defense, assess the effectiveness of risk management and governance as a third line of defense.
Risk Management System
Responsible Officers
Director Responsible for Risk Management (CRO): Katsuya Yamamoto, Representative Director, Senior Corporate Executive Officer
Executive Officer Responsible for Risk Management: Hideki Hiramatsu, General Manager of Corporate Planning Division and Executive Officer
Risk Assessment
Risks Covered and Risk Assessment Methods
The Kawasaki Group defines risks as "factors or phenomena that hinder the execution of business operations or the achievement of organizational goals" and works to manage all risks classified as either external risks or internal risks (with the latter further classified as strategic risk or business risk), while giving due consideration to the positive effects associated with strategic and other risks. The Group’s risk management process consists of a version of the COSO framework and ISO 31001, customized for the Group’s environment and circumstances. Risk monitoring activities are reported to the Board of Directors four times a year, and the Board selects and sets priority risks that the Group should pay close attention to currently, and based on the results, feedback is provided to the departments at risk. Further, for items judged to be high risk by the Board, we focus on risk monitoring activities called “checking the appropriateness of risk management activities.”
Risk Factors Currently Covered in the Scope of Risk Management
Types of risks | |||||
---|---|---|---|---|---|
External Environment | Government/Regulatory authorities | Laws and regulations | Internal Environment | Business strategy | Vision (strategies and policies) Corporate governance, etc. |
Financial institutions/Investors | Raising capital | Business functions | Legal affairs (contracts and lawsuits) Intellectual property, security, etc. |
||
Market expectations | Management and efficiency | Project management Finance and accounting, personnel management, etc. |
|||
Customers/Consumers/Competitor companies/New entrants | Emergence of competitors, market changes Technological innovation |
Technological innovation | Product development, etc. | ||
Job seekers | Securing human resources | Product defects | Quality management and quality assurance, etc. | ||
Suppliers | External procurement | Production capacity | Process control, etc. | ||
Business partners | Supply chain and logistics | Governance and compliance | Organizational fraud, harassment, internal control etc. | ||
Nature/Social culture/Population | Disasters, environmental pollution, SDGs, CSR, climate change, biodiversity, etc. |
Risks That the Group Should Pay Close Attention to Currently
As a result of company-wide monitoring activities, the Group has determined the following risks that should currently be paid close attention to in the order of severity.
Priority risks to pay close attention to | Degree of severity (risk ranking) |
Hazard assessment | ||||
---|---|---|---|---|---|---|
Status of manifestation | Timing of impact | Impact on profit | Difficulty of taking action | |||
Quality management | Extremely high | 1 | Highest | Highest | Highest | High |
Contracts, IP | Extremely high | 1 | Highest | Highest | Highest | High |
Compliance | Extremely high | 3 | Highest | Highest | High | High |
Geopolitics, international circumstances (economic security), distribution difficulties, rising materials cost, inflation, etc. | High | 4 | Highest | High | High | High |
Progress and misuse of technologies (AI and cyber security) | High | 5 | High | Highest | Medium | High |
Shortages of human resources and personnel | Medium | 6 | High | High | Medium | High |
Carbon neutrality (Climate change) | Medium | 6 | High | Medium | High | High |
Natural disasters in Japan | Medium | 8 | Medium | Medium | High | High |
China/Taiwan relations | Medium | 8 | Medium | Medium | High | High |
Risk Response Status
Risks to pay close attention to | Risk awareness and status of responses |
---|---|
Quality assurance →Quality management and quality assurance risks |
|
Strengthening contract management →Contract risks |
|
Compliance →Governance and compliance risks |
|
Geopolitics and international circumstances (economic security) →Geopolitical risks |
|
Strengthening and maintaining appropriate levels of cyber security →Cyber security risks |
|
Securing and developing human resources →Risk of shortage of human resources and personnel |
|
Addressing carbon neutrality <Global Risks> →Climate change countermeasures →Abnormal climate conditions |
|
Natural Disasters in Japan |
|
China-Taiwan relations |
|
Emerging Risks
Emerging risks that may have an impact in the medium to long term (in three to five years) and are of serious importance are as follows.
Risks related to developing decarbonized products | |
---|---|
Overview of risk | Many of the Kawasaki Group’s products use fossil fuels, and the net sales of three businesses—the Energy Solution & Marine Engineering Company (manufacture of power-generation facilities, various industrial plants, ships, etc.), Aerospace Systems Company (manufacture of aircraft, etc.), and Kawasaki Motors, Ltd. (manufacture of motorcycles, four-wheel utility vehicles, etc.)—account for 73% of our consolidated sales (fiscal 2023). In addition, nearly 90% of CO2 emissions from the lifecycle of our Group’s products (from procurement of raw materials to disposal) are generated in the use of Scope 3 Category 11 products. Under the Paris Agreement, the world's major emitting countries including Japan set a goal of achieving carbon neutrality by 2050. Accordingly, it is expected there will be changes to the external environment, including major changes to the energy composition, tightened regulations on CO2 emissions such as the introduction of carbon taxes, a surge in raw material prices, and greater customer demand for improvements to product performance. Furthermore, we believe that there will be a serious impact on our Group's performance if we are unable to launch as planned the products and solutions that will contribute to decarbonization that the Group is researching and developing, or if products are launched by our competitors that have a competitive advantage. |
Potential impact | Demand for products that contribute to decarbonization is forecast for Europe, North America, Japan, and elsewhere. The majority of our Group's customers are located in Europe, North America, and Japan. They account for 80% of net sales (fiscal 2023). Accordingly, in the event that future climate change risks become actualized, current products and solutions may lose their competitive advantage, it could have a significant impact on business plans, and that impact may be prolonged. |
Mitigation measures | We are moving forward on the transition to products that use cleaner power sources, such as by switching to electric power for products and by developing products that use hydrogen as a power source. Specifically, we launched two models of electric motorcycle in 2023, and we plan to launch a hybrid motorcycle in 2024. Furthermore, we are engaged in developing internal combustion engines that can handle a variety of fuels and contribute to carbon neutrality, such as our aim to put into practical use hydrogen engine motorcycles by the first half of the 2030s. Additionally, we are developing products that will be able to handle the next generation of fuels, such as introducing power generation equipment that allows for mixed hydrogen or exclusive hydrogen firing, and developing hydrogen aircraft. |
Cyber security risks | |
---|---|
Overview of risk | Recently, cyberattacks over the internet have been growing more sophisticated, even taking place on a global scale. Generally speaking, there have been cyberattacks against companies through malware such as computer viruses, and there is a rise in such risks as “serious information leaks occurring,” “ransomware attacks that cause systems to go down and make it difficult for business activities to continue,” and “damages that arise from business email fraud.” In addition, there are risks that cannot be ignored from cyberattacks somewhere in the supply chain whose impact on parts procurement and subcontracted processes affects this Group's business.In the office, while workstyle reforms have led remote work to take root and employees can select from a variety of working styles, the risk of being infected by malware is also on the rise from using company-supplied PCs in environments outside the company. In plants and other production sites, creating smart factories through the use of digital technologies is on the rise, leading to significant improvements in productivity and convenience. However, with that risks that could have a major impact on business activities are rising, such as cyberattacks that lead to interruptions in production activities and stoppages. Among these, with the digital transformation of plants being promoted at the Kawasaki Group and elsewhere, work to visualize plant operations through the use of telecommunications networks and digital technologies is moving forward. As a result, the risk of being damaged by cyberattacks is increasing. |
Potential impact | In the event of a cyberattack, there is the possibility that not only our confidential information but also that of our customers and business partners will be leaked. In particular, because Kawasaki Group manufactures products that are related to public infrastructure and defense equipment, we believe that taking cyber security measures is extremely important. In addition, while we are encouraging digital transformation with the goal of having plans that are connected throughout the value chain, in the event that there is damage due to a cyberattack somewhere in the supply chain, there is the possibility that it will have an impact on operations not just in the Kawasaki Group but also throughout the entire supply chain. |
Mitigation measures | We have developed a global security policy conforming with the National Institute of Standards and Technology (NIST) cyber security framework, and have established all regulations relating to information security aligned with this policy as part of our measures to deal with cyber security risks. We are steadily building a technical defense mechanism conforming with the NIST cyber security framework and a defense system that operates 24 hours a day and all year round. We are also steadily promoting education and awareness raising among employees with regard to these policies, regulations, and technical defense mechanisms. In addition, we are implementing countermeasures for issues as they come to light following analyses of the current situations at respective production sites. Kawasaki has completed a campaign to alert our major suppliers on cyber security measures for the supply chain through procurement departments and has published information security guidelines for suppliers. |
Risk Culture
Risk Management Training and Awareness Building
Kawasaki explains the importance of risk management in its grade-specific training programs for employees. In addition, our commitment to improving our enterprise value based on the guiding principles of “selective focusing of resources,” “emphasis on quality over quantity,” and “risk management” is clearly stated in the Kawasaki Group Management Principles, part of the Kawasaki Group Mission Statement. We also post the Mission Statement at work areas and distribute Mission Statement cards to employees to build awareness of these principles.
Risk Management Training for Directors
Lectures on economic security and leadership in crisis management are conducted by experts approximately twice each year for members of the Board of Directors including Outside Directors. From the perspective of economic security, in light of developments concerning the protection of both civilian and advanced technologies that have military applications, which have deep implications for our business, we have been holding lectures on related topics with the goal of protecting our employees from the rising risk of covert manipulation targeting employees for purposes of fraudulently using our business information.
Crisis Management
The Kawasaki Group's Risk Management Regulations contain crisis management provisions set out in readiness for the emergence of a risk. These regulations set forth behavioral guidelines and response systems that serve to protect lives and preserve assets, minimize damage and loss, and expedite the resumption of business activities in the event of unplanned interruption.
Basic Policy
Paragraph 3 of the basic policy of the Group’s Risk Management Regulations lays out the Kawasaki Group's policy for responding to crises. In addition to, of course, putting human lives first, the policy also clearly lays out the Company's priority of fulfilling its social responsibility as a company involved in infrastructure-related industries. Specifically, in the event of a major earthquake, we will help operate equipment used for disaster relief (such as aircraft and ships), work to quickly restore and maintain the operation of infrastructure (such as rolling stock, power generation facilities, and waste processing facilities), and support our customers and suppliers.
Crisis Management System (at Times of Crisis and Non-Crisis)
In readiness for risks, including large-scale disasters, we maintain a Group-wide horizontally integrated Crisis Management Organization at all times. The president is the Group’s Chief Crisis Management Officer, while the head of each operating site or organizational unit acts as its crisis management officer. Crisis management offices are set up under the crisis management officers to assist them and are charged with the practical work of putting in place and maintaining a first response system in normal times for mobilization in the event of an emergency. Meanwhile, the heads of the various Head Office divisions and other staff members whom they designate form an expert support team for the crisis management offices.
In Times of Disaster or Accident
The crisis management system sets out in advance emergency reporting lines and organizations charged with responding when emergencies occur. Complementary to the emergency reporting lines, we have set up contact networks covering each business segment and operating site to ensure quick internal reporting and information promulgation.
Crisis Management System in Times of Disaster or Accident (Reporting Lines)
Emergency Communication System
The Kawasaki Group has introduced an emergency communication system for the entire domestic Group to rapidly confirm the safety of employees when a disaster occurs. Tests are conducted every year to ensure that employees are familiar with the system and know how to use it.
Business Continuity Plans
A business continuity plan (BCP) is itself a management strategy. In addition to typical measures related to response immediately after a disaster, such as setting up disaster-prevention supplies and running evacuation drills, a BCP requires consideration of measures to continue business operations with minimal interruption and fulfill the corporate mission. Based on the basic policy of the Risk Management, the Kawasaki Group has formulated BCPs for major earthquakes, pandemics, and other disasters.
Business Continuity Plan Review
The lessons learned in the Great Hanshin Earthquake, which hit the Kobe area in January 1995, formed the basis of the Group’s disaster-prevention measures. In light of the Great East Japan Earthquake of March 2011, the Group significantly revised its BCP for large-scale earthquakes. In response to the COVID-19 pandemic in 2020, we have revised our pandemic response BCP to include, for example, remote working and other new workstyles. Furthermore, we regularly implement drills and use the results to revise BCPs on an ongoing basis.
- Basic Policy
Based on basic policy, determine course of action to be taken by the Kawasaki Group in the event of natural disasters. - Head Office and Each Business Segment Priorities
With the basic policy in mind, designate functions to be maintained at the Head Office and each business segment even in the event of disaster. We have identified priorities for the Head Office and business segments in line with our basic policy and have designated certain functions that must be maintained even in the event of disaster with due consideration given to the different business content of each business segment and the features inherent in products and services. - Response in Times of Disaster and Preparation during Normal Times
Consider responses appropriate in the wake of disaster and prepare for the eventuality of such events during normal times. Many disaster scenarios indicate the possibility of a massive earthquake centered directly under Tokyo as well as a cascade-like triple megaquake event along the Tokai–Tonankai–Nankai segment of the Pacific Ocean coastline. Bearing these potential events in mind, we considered the responses necessary should such catastrophes occur and activities that could be undertaken during normal times to prepare for such eventualities. We formulated a plan that designates specific divisions with specific tasks, and outlined preparations necessary to achieve the desired objectives. Preparations are moving ahead in line with this plan. - Drills and Revisions
Run drills regularly and revise BCP content based on the results.
We are constantly running drills based on BCP and revising BCP content based on how the drills were performed.
Details of Business Continuity Plan Review
Against a backdrop of growing uncertainty regarding the future of the global economic, including the risks of pandemic, conflict, resources, new energy, and environmental issues, in light of the Japanese government and external demands, we are working to expand the scope of activities and strengthen education and training to establish a BCP that can respond to any crisis that occurs in the future, rather than focusing on earthquake and pandemic crises.
Strengthen BCP Education and Training
Expand Scope of Action