Risk Management

Basic concept
Enhancing corporate value and meeting the expectations of society

We aim to continuously improve our corporate value by controlling risks ,uncertain factors in achieving our businness plan across the entire group, within expectations through integrated risk management.
Specifically, We are working on risk management for the entire company based on the following items as a basic approach in accordance with the "Risk Management Rules" that apply to JTEKT and it's group subsidiaries.
1. Preventing and reducing risks that have a significant impact on management
2. Establishing a system to minimize damage in case of crisis

Promotion structure

We have established a risk management committee chaired by the CRO (Chief Risk Officer), who is responsible for risk management. We have established a system to effectively and regularly update risk assessments and responses that incorporate external/internal environmental changes and are implementing follow-up measures to ensure that they are firmly established.
In addition, when a crisis occurs, we establish a crisis management headquarters according to the degree of impact and respond to the crisis.

Promotion structure

Clarification of risk appraisals and response

At JTEKT, an annual risk assessment is carried out for each sector of business, function, and region.We assess risks associated with 1)legal regulations and related violations, 2)damage to credit and reputation, 3)operations, 4)strategic issues, and 5)governance.This is done using a comprehensive risk register, evaluating the importance and probability of occurence, and formulating preventative actions and response plans. Paricularly critical risks are managed across the group with the oversight of the risk supervisor, as departments work collaborating.Theiir progress is monitored and deliberated within the Risk Management Committee.

Lisk&Map_2.png

Enforcement of immediate reporting

We have expanded the scope of immediate reporting that requires prompt reporting after identifying compliance issues since 2015. We are also working on thorough enforcement of operational rules and establishment of a system to ensure that the first report after identification of other risks is promptly communicated.

Enforcement of immediate reporting

Information Security

Amidst the increasing demand for effective information systems use and innovation through DX in recent corporate activities, we are aware of the rising threat of unexpected information security risks, such as sophisticated cyber attacks and internal information leakages.
As a manufacturing company, we at JTEKT believe that we have a responsibility to ensure the security of the products we deliver to our valued customers (product security) and to guarantee the operation of our production lines (factory security).
In today's corporate management, where sustainability is being called for, we must avoid and minimize these risks that could significantly damage corporate value.
With this in mind, we have established a Chief Information Security Officer (CISO) and a dedicated department to further improve our security level and maintain an information security system that is appropriate for achieving this, and we are promoting the following initiatives based on the "JTEKT Group Information Security Policy".

information_security_1.png

Initiatives to strengthen information security

①Strengthening security governance
We are working to continuously maintain and improve information security by conducting on-site inspections based on guidelines from the Japan Automobile Manufacturers Association and other organizations, both within the company and our subsidiaries.
② Compliance with global standards
We have established a management system that is in accordance with global standards such as ISO27001 and the laws and regulations of each country.
③ Security personnel training
To manage and protect company-wide information assets and improve employees' security levels, we have assigned information security leaders to each department within the company and are training security personnel through tiered education tailored to the information assets handled in each workplace and the employees roles.
④Preparation for security incidents
We have established a specialized team (CSIRT) to respond to security incidents when they occur and a specialized team (PSIRT) to respond when risks such as product vulnerabilities are discovered.
⑤Support for the entire supply chain
We are continuing to implement measures to strengthen security through dialogue with suppliers to protect the entire supply chain, including suppliers, from the risk of cyber attacks.
⑥ Initiatives for future threats
We aim to develop a secure information infrastructure by taking various security measures for all information assets, collecting threat information appropriately, and preparing in advance.

Countermeasures for a Large-scale Disaster

Amongst the various risk responses JTEKT Group promotes, in regards to large-scale disasters with particularly heavy impact on continuity of business activities. In accordance with the Basic Policy for JTEKT Group BCP * formulated JTEKT is promoting countermeasures for both tangible and intangible aspects, such as confirming safety of employees, emergency training, measures to mitigate disaster-related damage in households assuming various regional disaster risks and preparation for the early restoration of product supply.

* BCP BCP is an abbreviation of Business Continuity Plan