Total Risk Management
Basic Concept
While improving shareholder value, Teijin believes its mission is to undertake business activities that satisfy shareholders and other stakeholders. In achieving this mission, we must address all risks (uncertainties) that pose a threat to its realization. Accordingly, we have adopted an organizational and systematic approach to comprehensively and efficiently identify, assess, and manage the risks affecting the entire Group, and to integrate these insights into Group management. The Board of Directors oversees risk management across the Teijin Group, positioning risk assessment as a critical factor in decision-making. This entails formulating management strategies and plans, taking strategic actions, deciding individual investment projects, and assessing various adverse events that could negatively impact the Company. Additionally, we require all Group companies and their executives to fully understand these principles and address any risks that pose a threat to corporate activities. In line with these Basic Principles, Teijin engages in Total Risk Management (TRM), as outlined below, to manage risks in an integrated manner.
- To promote TRM, the Chief Sustainability Officer is in charge of operational risk, while the CEO is directly in charge of strategic risk.
- The TRM Committee has been established under the Board of Directors to manage risks in an integrated manner.
- The CEO chairs the TRM Committee, which is comprised of the Chief Sustainability Officer and other persons assigned by the CEO.
- The Board of Directors deliberates and decides the basic policy and annual plan related to TRM proposed by the TRM Committee, as well as manages major risks for the Teijin Group, and establishes a system for business continuity.
Please note that the matters concerning the future mentioned below are those evaluated by the Teijin Group as of the end of FY2023.
TRM Basic Plan for Fiscal 2024
For fiscal 2024, following deliberations by the Board of Directors, the Company has established the following response policies:
- As fiscal 2024 is a critical year for executing the new medium-term management plan, the Company aims to reduce risks and prevent them in advance to keep risks within acceptable limits and ensure the successful achievement of targets.
- Risk management will be strengthened across management strategies, business management (including finance and human capital), and operations. Additionally, the Company will focus on identifying and understanding medium- to long-term risks and develop response measures should they materialize, in order to properly manage both risks and opportunities.
In fiscal 2024, based on these policies, we have organized risk areas into 10 categories: management strategy, business administration (finance), business administration (human capital), safety, information, quality, legal/compliance, geopolitics, environment, and society. We have appointed Risk Management Owners (executive officers) for each risk area, clearly defining their responsibilities and scope to ensure effective risk management. For each risk area, we evaluate risks based on (1) impact, (2) probability of occurrence, and (3) timing of occurrence. We then identify serious risks from the key risks listed in the table and narrow these down further to the critical risks subject to focused management, enhancing the effectiveness of our risk management.
Management Strategy Risk: General Risks and Basic Response Policies
Risk area | Key risks | Risk description | Response policy | Impact | Probability | Time frame | Evaluation* |
---|---|---|---|---|---|---|---|
Management strategy | Failure to achieve short- to medium-term management targets | Due to changes in the external environment or unforeseen events, there is a heightened risk of continued earnings weakness caused by delays in profitability improvement, production stabilization, portfolio transformation, or management base strengthening. | | Large | Medium | Short to medium term | A |
Business administration (finance) | Deterioration of financial soundness | Deterioration in cash flow might erode financial health, increasing the risk of difficulties in fundraising or even leading to insolvency. | | Large | Medium | Medium term | B |
Business administration (human capital) | Departures of personnel and talent recruitment | Insufficient implementation of human resource strategies or inadequate response to social demands, such as DE&I, could lead to sustained talent attrition and recruitment difficulties, weakening the management base. | | Large | Medium | Medium to long term | B |
Safety | Fire/explosion | A fire or explosion at a business site could lead to prolonged manufacturing or supply stoppages, resulting in customer loss and litigation. | | Large | Medium | Short term | A |
Safety | Large-scale disaster | Inadequate preparedness for large-scale natural disasters, such as major earthquakes, could result in supply chain disruption, prolonged manufacturing or supply stoppages, customer loss, and litigation. | | Large | High | Short to long term | B |
Information | Information security | Inadequate preparedness to counter cyberattacks or industrial espionage could lead to information or intellectual property leaks, reputational damage, litigation, customer loss, problems with fundraising and other business continuity challenges. | | Large | Medium | Short term | A |
Information | DX/AI | Delayed response to the global trend of digitalization and digital service adoption could result in decreased competitiveness. | | Medium | Medium | Medium term | C |
Quality | Major quality issues (fraud/falsification) | Major quality fraud or falsification in our products could cause harm to people, lead to business suspension, result in large compensation costs, and impact other businesses. | | Large | Medium | Medium term | B |
Legal/compliance | Major scandal | The occurrence of a compliance problem that attracts social attention could lead to heightened media coverage, reputational damage, customer loss, and business continuity challenges. | | Large | Medium | Medium term | B |
Geopolitics | Economic security | Delayed or inadequate response to the strengthening of international economic security measures, intensification of conflicts between nations/regions, or the introduction of sanctions could lead to supply stoppages and business loss. | | Large | Medium | Medium term | B |
Environment | Climate change (transition risk) | Delays in responding to environmental regulations, information disclosure obligations, or customer demands for CO2 reduction could lead to customer loss and investor departures. | | Small | High | Medium to long term | C |
Society | Supply chains/human rights | Inadequate response to regulatory tightening or discovery of human rights violations could lead to reputational damage, customer loss, litigation, and talent attrition. | | Medium | Low | Medium term | C |
- * Evaluation: A = Major risk (focused management), B = Major risk, C = Other risk
Information Security and Personal Information Protection
Recognizing that information security incidents could damage our competitiveness, obstruct business continuity, or expose us to penalties for legal infringements, the Teijin Group has established the "Teijin Group Regulations for Information" as its basic policy on information security, which commits us to maintaining and improving information security. In this context, we strive to mitigate and avoid information security risks, such as leakage of or tampering with confidential information, from the perspectives of physical threats and vulnerabilities, technical threats and vulnerabilities, and human threats and vulnerabilities. Additionally, we respond properly to the globally diversifying personal information protection legislation*.
- *In addition to the General Data Protection Regulation (GDPR) in the European Union, similar regulations are becoming common in the United States, China, and Southeast Asia. In view of these developments, we respond to the various regulations in each country based on our response to the GDPR.
Main Initiatives
The Teijin Group is promoting the building of an information security governance structure and process.
Information Security Governance Structure
The Teijin Group has appointed the Chief Digital Officer (CDO), who is a Corporate Officer, in charge of formulating, executing, promoting, and controlling policies related to global IT governance (human resources, structure, rules, operations, information security, investments, and costs). Additionally, the Teijin Group has established an information management system within the group by defining the roles and responsibilities of the General Manager of Information Systems Department at Teijin Ltd., IT managers assigned to each organization (department, company, business, etc.), and all employees. Furthermore, under the supervision of the CDO, we have established an Information Security Committee chaired by the General Manager of Information Systems Department at Teijin Ltd., with IT general managers from each division and indirect general managers as members. This committee promotes cross-group initiatives related to information security and educational activities. In addition, to address information security incidents, we have established a specialized security organization (CSIRT: Computer Security Incident Response Team) that engages in preventive activities and rapid response when incidents occur. Since 2016, we have been a member of the Japan CSIRT Association, continuously collecting and utilizing advanced information and know-how from other companies to counter cyber attacks.
Information Security Management Processes
The Teijin Group regularly reviews the management status of information assets such as information systems, networks, facilities, personal information, and confidential information within each organization through its information management system. By classifying the importance, identifying threats, and assessing risks, appropriate measures are taken to maintain and improve information security. Additionally, the Teijin Group's Corporate Audit Department conducts information security audits for all group companies from an independent standpoint.
Escalation Process for Information Security Incidents
The Teijin Group has established reporting and handling processes for incidents and accidents in its Group Risk Management Regulations. Additionally, reports from discoverers of suspicious emails or security incidents can be received 24 hours a day, 365 days a year.
Information Security Education
The Teijin Group aims for each employee to acquire the essential awareness and knowledge to protect the group's information assets, respond to increasing security risks, and appropriately utilize information assets. To achieve this, all executives and employees regularly participate in e-learning, group work-based information security education at each organizational level, and experiential training using simulated targeted attack emails.
Appropriate Response to Personal Information Protection
We have been promoting efforts to respond to laws in Europe, Japan, China, Thailand, and other regions, centered on the Teijin Group Global Personal Information Protection Task Force. Furthermore, through the system of designating persons responsible for personal information protection, we are promoting the thorough implementation of various measures. In FY2022, we revised our various compliance documents in light of the fact that Europe's General Data Protection Regulation (GDPR) was revised. In addition, we set up a necessary structure for responding to personal information protection laws in China.