Risk Management

Approach to Risk Management

Stance on Risk Management

As a Group that operates globally across a wide range of fields, Kawasaki regards the management of serious risks that could impede its business activities as important. Kawasaki's overall risk management system entails the integrated execution of business segment-level risk management and Group-wide risk management. Based on the Group's Risk Management Regulations, Kawasaki has established a Group-wide enterprise risk management framework and created manuals outlining specific risk management procedures. By comprehensively understanding potential risks based on shared Group standards, we work to avoid and minimize risks and loss caused by risks. With regard to the risks associated with the execution of individual businesses, the relevant divisions carry out assessments and analyses and sufficiently examine countermeasures in advance in accordance with Kawasaki’s Board of Directors Regulations, Management Meeting Regulations, Approval Regulations, and other related rules. The Company practices even more thorough risk management for major projects with significant impact on operations in accordance with such corporate regulations as the Major Project Risk Management Regulations. This includes management at the time of bidding and concluding agreements for such projects as well as regular follow-up by the Head Office and business segments as needed after a project begins.

Kawasaki Group Policy on Risk Management

In line with its objective of achieving sustainable corporate growth and medium- to long-term improvement in its corporate value, the Kawasaki Group will put in place preemptive risk management measures against a variety of risks that could exert a significant impact on business operations while striving to ensure that, should such a risk materialize, the resulting damage is minimized. To this end, the Group established the Kawasaki Group Policy on Risk Management with the aim of acting as a company worthy of the trust of society.

Risk Management System

The Kawasaki Group has established a Group-wide enterprise risk management (ERM) framework to render any risks more transparent and to ensure that they are effectively addressed. Through this system, we identify and respond to major risks with the potential for serious impact on operations and work to enhance risk management as outlined in the Kawasaki Group Management Principles. In order to appropriately handle diverse risks, Kawasaki has established the owners of risk (Company-wide/functional internal committees and internal divisions of each business segment) as our first line of defense, depending on the type of risk. While streamlining and implementing management methodology and management systems, we have devised a system for the centralized monitoring of the effectiveness and workability of such management systems, thereby managing risks both individually and comprehensively. In addition, we have also set up a second line of defense in the form of the Risk Management Department, an organization that stands independent of Company-wide/functional internal committees and business segments that are responsible for the first line of defense. The Risk Management Department compiles analysis reports on our risk management status and global risk trends surrounding the Company through risk monitoring, and the director responsible for risk management reports this information to the Board of Directors four times annually. After the Board of Directors deliberates and selects the important risks that the Company should pay close attention to currently, those risks are reported to the Management Committee and reflected in the measures of the operating divisions. In order to deliberate and promptly address any rapidly emerging risk from the recent geopolitical issues as well as climate, governmental, and economic instability, Board of Director meetings are held on an as-needed basis. The Auditing Department, which is independent from the first and second lines of defense, assess the effectiveness of risk management and governance as a third line of defense.

Risk Management System

Information Security Management System

Responsible Officers
Director Responsible for Risk Management (CRO): Katsuya Yamamoto, Representative Director, Senior Corporate Executive Officer
Executive Officer Responsible for Risk Management: Hideki Hiramatsu, General Manager of Corporate Planning Division and Executive Officer

Risk Assessment

Risks Covered and Risk Assessment Methods

The Kawasaki Group defines risks as "factors or phenomena that hinder the execution of business operations or the achievement of organizational goals" and works to manage all risks classified as either external risks or internal risks (with the latter further classified as strategic risk or business risk), while giving due consideration to the positive effects associated with strategic and other risks. The Group’s risk management process consists of a version of the COSO framework and ISO 31001, customized for the Group’s environment and circumstances. Risk monitoring activities are reported to the Board of Directors four times a year, and the Board selects and sets priority risks that the Group should pay close attention to currently, and based on the results, feedback is provided to the departments at risk. Further, for items judged to be high risk by the Board, we focus on risk monitoring activities called “checking the appropriateness of risk management activities.”

Risk Factors Currently Covered in the Scope of Risk Management

Types of risks
External Environment Government/Regulatory authorities Laws and regulations Internal Environment Business strategy Vision (strategies and policies)
Corporate governance, etc.
Financial institutions/Investors Raising capital Business functions Legal affairs (contracts and lawsuits)
Intellectual property, security, etc.
Market expectations Management and efficiency Project management
Finance and accounting, personnel management, etc.
Customers/Consumers/Competitor companies/New entrants Emergence of competitors, market changes
Technological innovation		 Technological innovation Product development, etc.
Job seekers Securing human resources Product defects Quality management and quality assurance, etc.
Suppliers External procurement Production capacity Process control, etc.
Business partners Supply chain and logistics Governance and compliance Organizational fraud, harassment, internal control etc.
Nature/Social culture/Population Disasters, environmental pollution, SDGs, CSR, climate change, biodiversity, etc.

Risks That the Group Should Pay Close Attention to Currently

As a result of company-wide monitoring activities, the Group has determined the following risks that should currently be paid close attention to in the order of severity.

Priority risks to pay close attention to Degree of severity
(risk ranking)		 Hazard assessment
Status of manifestation Timing of impact Impact on profit Difficulty of taking action
Quality management Extremely high 1 Highest Highest Highest High
Contracts, IP Extremely high 1 Highest Highest Highest High
Compliance Extremely high 3 Highest Highest High High
Geopolitics, international circumstances (economic security), distribution difficulties, rising materials cost, inflation, etc. High 4 Highest High High High
Progress and misuse of technologies (AI and cyber security) High 5 High Highest Medium High
Shortages of human resources and personnel Medium 6 High High Medium High
Carbon neutrality (Climate change) Medium 6 High Medium High High
Natural disasters in Japan Medium 8 Medium Medium High High
China/Taiwan relations Medium 8 Medium Medium High High

Notes: 1. The degree of severity is assessed based on the status of manifestation, timing of impact, impact on profit, and difficulty of taking action.

2: Timing of impact is set to “high” in cases where the period of impact until the impact manifests is short, and set to “low” when the period is long.

Risk Response Status

Risks to pay close attention to Risk awareness and status of responses
Quality assurance
→Quality management and quality assurance risks
  • In order to prevent reoccurrence of major quality issues such as cracking of the series N700 Shinkansen railcar bogie frame, we implement company-wide total quality management (TQM) activities; design and manufacturing process innovation; promotion of production improvement activities (KPS: Kawasaki Production System); and personnel education as key strategies.
Strengthening contract management
→Contract risks
  • The revenue-producing model is switching from one focused on technology to one focused on intellectual property and business contracts. In this connection, we develop personnel and organizations with contract-related skills and boost intellectual property strategies.
Compliance
→Governance and compliance risks
  • In order to prevent reoccurrence of inappropriate actions committed by Kawasaki Thermal Engineering Co., Ltd. or impropriety/misconduct including violations of the Subcontract Act, we take steps to maintain a sound organization and employees and boost internal checks including whistle-blowing systems, and work to strengthen compliance management for all of the Group’s businesses.
Geopolitics and international circumstances (economic security)
→Geopolitical risks
  • As political and economic uncertainty grows due to unpredictable international circumstances, various factors impacting our business environment continue to arise in real time, including climbing materials costs, chaos in the distribution sector, stricter regulations, and more. To respond to this situation, we engage in business with a focus on geopolitical factors such as boosting the entire Group’s supply chain, ensuring business continuity, and training personnel in the context of security clearance systems.
Strengthening and maintaining appropriate levels of cyber security
→Cyber security risks
  • As cybercrime rapidly grows more problematic, AI threats are now very tangible. Our Group, which is engaged in social infrastructure projects, collaborates with external specialist organizations to proactively implement maintenance for products and services to ensure customer safety, as well as maintenance and improvement of Group-wide production activities and employee security literacy.
Securing and developing human resources
→Risk of shortage of human resources and personnel
  • In Japan, as government strategies have resulted in greater fluidity of employment, and at the same time labor shortages persist around the world, we are working toward business continuity from the perspective of securing personnel, by implementing employee re-skilling, diversification of human resources, as well as new workstyles that actively incorporates robotics, AI, and more.
  • We foster a culture of taking on challenges and operate a personnel system that enables employees to actively take advantage of opportunities to take on challenges.
Addressing carbon neutrality
<Global Risks>
→Climate change countermeasures
→Abnormal climate conditions
  • The challenge of carbon neutrality is a serious issue the world over. In this connection, we implement the key business strategy of promoting our hydrogen businesses as well as rendering existing business environmentally-friendly. The goal is to accommodate the rapid rise of green energy markets.
Natural Disasters in Japan
  • The occurrence of the Nankai Trough Earthquake as well as a massive earthquake centered directly under Tokyo are considered highly likely in the future. Such an event would have considerable impact on economic activity and our company’s business. Additional severe disaster scenarios include typhoons and torrential downpours. In order to better handle such occurrences, we are implementing business continuity as well as post-disaster relief initiatives, with the primary focus on saving lives.
China-Taiwan relations
  • We continue to operate local subsidiaries assigning the utmost priority to the safety of our employees and their families in China and Taiwan.

Emerging Risks

Emerging risks that may have an impact in the medium to long term (in three to five years) and are of serious importance are as follows.

Risks related to developing decarbonized products
Overview of risk Many of the Kawasaki Group’s products use fossil fuels, and the net sales of three businesses—the Energy Solution & Marine Engineering Company (manufacture of power-generation facilities, various industrial plants, ships, etc.), Aerospace Systems Company (manufacture of aircraft, etc.), and Kawasaki Motors, Ltd. (manufacture of motorcycles, four-wheel utility vehicles, etc.)—account for 73% of our consolidated sales (fiscal 2023). In addition, nearly 90% of CO2 emissions from the lifecycle of our Group’s products (from procurement of raw materials to disposal) are generated in the use of Scope 3 Category 11 products. Under the Paris Agreement, the world's major emitting countries including Japan set a goal of achieving carbon neutrality by 2050. Accordingly, it is expected there will be changes to the external environment, including major changes to the energy composition, tightened regulations on CO2 emissions such as the introduction of carbon taxes, a surge in raw material prices, and greater customer demand for improvements to product performance. Furthermore, we believe that there will be a serious impact on our Group's performance if we are unable to launch as planned the products and solutions that will contribute to decarbonization that the Group is researching and developing, or if products are launched by our competitors that have a competitive advantage.
Potential impact Demand for products that contribute to decarbonization is forecast for Europe, North America, Japan, and elsewhere. The majority of our Group's customers are located in Europe, North America, and Japan. They account for 80% of net sales (fiscal 2023). Accordingly, in the event that future climate change risks become actualized, current products and solutions may lose their competitive advantage, it could have a significant impact on business plans, and that impact may be prolonged.
Mitigation measures We are moving forward on the transition to products that use cleaner power sources, such as by switching to electric power for products and by developing products that use hydrogen as a power source. Specifically, we launched two models of electric motorcycle in 2023, and we plan to launch a hybrid motorcycle in 2024. Furthermore, we are engaged in developing internal combustion engines that can handle a variety of fuels and contribute to carbon neutrality, such as our aim to put into practical use hydrogen engine motorcycles by the first half of the 2030s. Additionally, we are developing products that will be able to handle the next generation of fuels, such as introducing power generation equipment that allows for mixed hydrogen or exclusive hydrogen firing, and developing hydrogen aircraft.
Cyber security risks
Overview of risk Recently, cyberattacks over the internet have been growing more sophisticated, even taking place on a global scale. Generally speaking, there have been cyberattacks against companies through malware such as computer viruses, and there is a rise in such risks as “serious information leaks occurring,” “ransomware attacks that cause systems to go down and make it difficult for business activities to continue,” and “damages that arise from business email fraud.” In addition, there are risks that cannot be ignored from cyberattacks somewhere in the supply chain whose impact on parts procurement and subcontracted processes affects this Group's business.In the office, while workstyle reforms have led remote work to take root and employees can select from a variety of working styles, the risk of being infected by malware is also on the rise from using company-supplied PCs in environments outside the company. In plants and other production sites, creating smart factories through the use of digital technologies is on the rise, leading to significant improvements in productivity and convenience. However, with that risks that could have a major impact on business activities are rising, such as cyberattacks that lead to interruptions in production activities and stoppages. Among these, with the digital transformation of plants being promoted at the Kawasaki Group and elsewhere, work to visualize plant operations through the use of telecommunications networks and digital technologies is moving forward. As a result, the risk of being damaged by cyberattacks is increasing.
Potential impact In the event of a cyberattack, there is the possibility that not only our confidential information but also that of our customers and business partners will be leaked. In particular, because Kawasaki Group manufactures products that are related to public infrastructure and defense equipment, we believe that taking cyber security measures is extremely important. In addition, while we are encouraging digital transformation with the goal of having plans that are connected throughout the value chain, in the event that there is damage due to a cyberattack somewhere in the supply chain, there is the possibility that it will have an impact on operations not just in the Kawasaki Group but also throughout the entire supply chain.
Mitigation measures We have developed a global security policy conforming with the National Institute of Standards and Technology (NIST) cyber security framework, and have established all regulations relating to information security aligned with this policy as part of our measures to deal with cyber security risks. We are steadily building a technical defense mechanism conforming with the NIST cyber security framework and a defense system that operates 24 hours a day and all year round. We are also steadily promoting education and awareness raising among employees with regard to these policies, regulations, and technical defense mechanisms. In addition, we are implementing countermeasures for issues as they come to light following analyses of the current situations at respective production sites. Kawasaki has completed a campaign to alert our major suppliers on cyber security measures for the supply chain through procurement departments and has published information security guidelines for suppliers.

Risk Culture

Risk Management Training and Awareness Building

Kawasaki explains the importance of risk management in its grade-specific training programs for employees. In addition, our commitment to improving our enterprise value based on the guiding principles of “selective focusing of resources,” “emphasis on quality over quantity,” and “risk management” is clearly stated in the Kawasaki Group Management Principles, part of the Kawasaki Group Mission Statement. We also post the Mission Statement at work areas and distribute Mission Statement cards to employees to build awareness of these principles.

Risk Management Training for Directors

Lectures on economic security and leadership in crisis management are conducted by experts approximately twice each year for members of the Board of Directors including Outside Directors. From the perspective of economic security, in light of developments concerning the protection of both civilian and advanced technologies that have military applications, which have deep implications for our business, we have been holding lectures on related topics with the goal of protecting our employees from the rising risk of covert manipulation targeting employees for purposes of fraudulently using our business information.

Crisis Management

The Kawasaki Group's Risk Management Regulations contain crisis management provisions set out in readiness for the emergence of a risk. These regulations set forth behavioral guidelines and response systems that serve to protect lives and preserve assets, minimize damage and loss, and expedite the resumption of business activities in the event of unplanned interruption.

Basic Policy

Paragraph 3 of the basic policy of the Group’s Risk Management Regulations lays out the Kawasaki Group's policy for responding to crises. In addition to, of course, putting human lives first, the policy also clearly lays out the Company's priority of fulfilling its social responsibility as a company involved in infrastructure-related industries. Specifically, in the event of a major earthquake, we will help operate equipment used for disaster relief (such as aircraft and ships), work to quickly restore and maintain the operation of infrastructure (such as rolling stock, power generation facilities, and waste processing facilities), and support our customers and suppliers.

Crisis Management System (at Times of Crisis and Non-Crisis)

In readiness for risks, including large-scale disasters, we maintain a Group-wide horizontally integrated Crisis Management Organization at all times. The president is the Group’s Chief Crisis Management Officer, while the head of each operating site or organizational unit acts as its crisis management officer. Crisis management offices are set up under the crisis management officers to assist them and are charged with the practical work of putting in place and maintaining a first response system in normal times for mobilization in the event of an emergency. Meanwhile, the heads of the various Head Office divisions and other staff members whom they designate form an expert support team for the crisis management offices.

In Times of Disaster or Accident

The crisis management system sets out in advance emergency reporting lines and organizations charged with responding when emergencies occur. Complementary to the emergency reporting lines, we have set up contact networks covering each business segment and operating site to ensure quick internal reporting and information promulgation.

Crisis Management System in Times of Disaster or Accident (Reporting Lines)

Information Security Management System

Emergency Communication System

The Kawasaki Group has introduced an emergency communication system for the entire domestic Group to rapidly confirm the safety of employees when a disaster occurs. Tests are conducted every year to ensure that employees are familiar with the system and know how to use it.

Business Continuity Plans

A business continuity plan (BCP) is itself a management strategy. In addition to typical measures related to response immediately after a disaster, such as setting up disaster-prevention supplies and running evacuation drills, a BCP requires consideration of measures to continue business operations with minimal interruption and fulfill the corporate mission. Based on the basic policy of the Risk Management, the Kawasaki Group has formulated BCPs for major earthquakes, pandemics, and other disasters.

Business Continuity Plan Review

The lessons learned in the Great Hanshin Earthquake, which hit the Kobe area in January 1995, formed the basis of the Group’s disaster-prevention measures. In light of the Great East Japan Earthquake of March 2011, the Group significantly revised its BCP for large-scale earthquakes. In response to the COVID-19 pandemic in 2020, we have revised our pandemic response BCP to include, for example, remote working and other new workstyles. Furthermore, we regularly implement drills and use the results to revise BCPs on an ongoing basis.

  1. Basic Policy
    Based on basic policy, determine course of action to be taken by the Kawasaki Group in the event of natural disasters.
  2. Head Office and Each Business Segment Priorities
    With the basic policy in mind, designate functions to be maintained at the Head Office and each business segment even in the event of disaster. We have identified priorities for the Head Office and business segments in line with our basic policy and have designated certain functions that must be maintained even in the event of disaster with due consideration given to the different business content of each business segment and the features inherent in products and services.
  3. Response in Times of Disaster and Preparation during Normal Times
    Consider responses appropriate in the wake of disaster and prepare for the eventuality of such events during normal times. Many disaster scenarios indicate the possibility of a massive earthquake centered directly under Tokyo as well as a cascade-like triple megaquake event along the Tokai–Tonankai–Nankai segment of the Pacific Ocean coastline. Bearing these potential events in mind, we considered the responses necessary should such catastrophes occur and activities that could be undertaken during normal times to prepare for such eventualities. We formulated a plan that designates specific divisions with specific tasks, and outlined preparations necessary to achieve the desired objectives. Preparations are moving ahead in line with this plan.
  4. Drills and Revisions
    Run drills regularly and revise BCP content based on the results. We are constantly running drills based on BCP and revising BCP content based on how the drills were performed.

Details of Business Continuity Plan Review

Against a backdrop of growing uncertainty regarding the future of the global economic, including the risks of pandemic, conflict, resources, new energy, and environmental issues, in light of the Japanese government and external demands, we are working to expand the scope of activities and strengthen education and training to establish a BCP that can respond to any crisis that occurs in the future, rather than focusing on earthquake and pandemic crises.

Strengthen BCP Education and Training

Information Security Management System

Expand Scope of Action

Information Security Management System

Contact

If you need more information about our business,
please feel free to contact us.

CONTACT