Total Risk Management
Basic Concept
While improving shareholder value, Teijin believes its mission is to undertake business activities that satisfy shareholders and other stakeholders. In achieving this mission, we must address all risks (uncertainties) that pose a threat to its realization. Accordingly, we have adopted an organizational and systematic approach to comprehensively and efficiently identify, assess, and manage the risks affecting the entire Group, and to integrate these insights into Group management. The Board of Directors oversees risk management across the Teijin Group, positioning risk assessment as a critical factor in decision-making. This entails formulating management strategies and plans, taking strategic actions, deciding individual investment projects, and assessing various adverse events that could negatively impact the Company. Additionally, we require all Group companies and their executives to fully understand these principles and address any risks that pose a threat to corporate activities. In line with these Basic Principles, Teijin engages in Total Risk Management (TRM), as outlined on the right, to manage risks in an integrated manner.
- To promote TRM, the Chief Sustainability Officer is in charge of operational risk, while the CEO is directly in charge of strategic risk.
- The TRM Committee has been established under the Board of Directors to manage risks in an integrated manner.
- The CEO chairs the TRM Committee, which is comprised of the Chief Sustainability Officer and other persons assigned by the CEO.
- The Board of Directors deliberates and decides the basic policy and annual plan related to TRM proposed by the TRM Committee, as well as manages major risks for the Teijin Group, and establishes a system for business continuity.
Please note that the matters concerning the future mentioned below are those evaluated by the Teijin Group as of the end of FY2023.
TRM Basic Plan for Fiscal 2024
For fiscal 2024, following deliberations by the Board of Directors, the Company has established the following response policies:
- As fiscal 2024 is a critical year for executing the new medium-term management plan, the Company aims to reduce risks and prevent them in advance to keep risks within acceptable limits and ensure the successful achievement of targets.
- Risk management will be strengthened across management strategies, business management (including finance and human capital), and operations. Additionally, the Company will focus on identifying and understanding medium- to long-term risks and develop response measures should they materialize, in order to properly manage both risks and opportunities.
In fiscal 2024, based on these policies, we have organized risk areas into 10 categories: management strategy, business administration (finance), business administration (human capital), safety, information, quality, legal/compliance, geopolitics, environment, and society. We have appointed Risk Management Owners (executive officers) for each risk area, clearly defining their responsibilities and scope to ensure effective risk management. For each risk area, we evaluate risks based on (1) impact, (2) probability of occurrence, and (3) timing of occurrence. We then identify serious risks from the key risks listed in the table and further narrow down the risks for focused management on critical risks to enhance the effectiveness of our risk management.
Management Strategy Risk: General Risks and Basic Response Policies
Risk area | Key risks | Risk description | Response policy | Impact | Probability | Time frame | Evaluation* |
---|---|---|---|---|---|---|---|
Management strategy | Failure to achieve short- to medium-term management targets | Due to changes in the external environment or unforeseen events, there is a heightened risk of continued earnings weakness caused by delays in profitability improvement, production stabilization, portfolio transformation, or management base strengthening. | | Large | Medium | Short to medium term | A |
Business administration (finance) | Deterioration of financial soundness | Deterioration in cash flow might erode financial health, increasing the risk of difficulties in fundraising or even lead to insolvency. | | Large | Medium | Medium term | B |
Business administration (human capital) | Departures of personnel and talent recruitment | Insufficient implementation of human resource strategies or inadequate response to social demands, such as DE&I, could lead to sustained talent attrition and recruitment difficulties, weakening the management base. | | Large | Medium | Medium to long term | B |
Safety | Fire/explosion | A fire or explosion at a business site could lead to prolonged manufacturing or supply stoppages, resulting in customer loss and litigation. | | Large | Medium | Short term | A |
Safety | Large-scale disaster | Inadequate preparedness for large-scale natural disasters, such as major earthquakes, could result in supply chain disruption, prolonged manufacturing or supply stoppages, customer loss, and litigation. | | Large | High | Short to long term | B |
Information | Information security | Inadequate preparedness to counter cyberattacks or industrial espionage could lead to information or intellectual property leaks, reputational damage, litigation, customer loss, problems with fundraising and other business continuity challenges. | | Large | Medium | Short term | A |
Information | DX/AI | Delayed response to the global trend of digitalization and digital service adoption could result in decreased competitiveness. | | Medium | Medium | Medium term | C |
Quality | Major quality issues (fraud/falsification) | Major quality fraud or falsification in our products could cause harm to people, lead to business suspension, result in large compensation costs, and impact other businesses. | | Large | Medium | Medium term | B |
Legal/compliance | Major scandal | The occurrence of a compliance problem that attracts social attention could lead to heightened media coverage, reputational damage, customer loss, and business continuity challenges. | | Large | Medium | Medium term | B |
Geopolitics | Economic security | Delayed or inadequate response to the strengthening of international economic security measures, intensification of conflicts between nations/regions, or the introduction of sanctions could lead to supply stoppages and business loss. | | Large | Medium | Medium term | B |
Environment | Climate change (transition risk) | Delays in responding to environmental regulations, information disclosure obligations, or customer demands for CO2 reduction could lead to customer loss and investor departures. | | Small | High | Medium to long term | C |
Society | Supply chains/human rights | Inadequate response to regulatory tightening or discovery of human rights violations could lead to reputational damage, customer loss, litigation, and talent attrition. | | Medium | Low | Medium term | C |
- * Evaluation: A = Major risk (focused management), B = Major risk, C = Other risk
Information Security and Personal Information Protection
Recognizing the possibility of risks that damage competitiveness or obstruct business continuity due to unforeseen information leakage caused by cyberattacks, etc., or the risk of having to pay penalties for legal infringements, the Teijin Group adopts measures to prevent leakage on both the hard and soft sides and responds properly to globally diversifying personal information protection legislation.
Information Security and Personal Information Protection Policy
The Teijin Group identifies the leakage of information assets and business secrets and cyberattacks as information security risks. From the perspectives of physical threats and vulnerability, technical threats and vulnerability, and human threats and vulnerability, we adopt risk countermeasures and respond properly to globally diversifying personal information protection legislation.*
- *In addition to the General Data Protection Regulation (GDPR) in the European Union, similar regulations are becoming common in the United States, China, and Southeast Asia. In view of these developments, we respond to the various regulations in each country based on our response to the GDPR.
Main Initiatives
The Teijin Group is promoting the building of an information security governance structure and process, as well as specific initiatives through the Information Security Committee. Each division designates a person responsible for information technology, a person responsible for personal information protection, and a person responsible for the management of trade secrets. These responsible persons check the management status of information assets, such as information systems, networks, facilities, personal information, and business secrets every year. At the same time, the Corporate Audit Department conducts information security audits and personal information protection audits of all Group companies. In FY2023 the number of cyberattacks threatening to infect Teijin Group with viruses increased over the previous fiscal year, but there were no reports of actual damage caused by information leakage from Teijin Group.
- Response to physical threats and vulnerability
We are studying our response to facilities and equipment handling confidential information, including entry and exit, as well as our response to such IT devices as servers and computers.
- Response to technical threats and vulnerability
We are studying the management of access to information assets, etc., as well as antivirus measures, data recovery response, etc.
- Response to human threats and vulnerability
As measures to reduce risks caused by human factors, we are studying education for employees, etc. (implementation of information security training, irregular targeted email training, caution against suspicious email, etc.), as well as our response to management at work consignees.
- Appropriate response to personal information protection
We have been promoting efforts to respond to laws in Europe, Japan, China, Thailand, and other regions, centered on the Teijin Group Global Personal Information Protection Task Force. Furthermore, through the system of designating persons responsible for personal information protection, we are promoting the thorough implementation of various measures. In FY2022, we revised our various compliance documents in light of the fact that Europe's General Data Protection Regulation (GDPR) was revised. In addition, we set up a necessary structure for responding to personal information protection laws in China.