Implementing Risk Management

Komatsu recognizes as major risks those risk factors that could threaten the company's sustained growth, particularly compliance issues, environmental issues, product quality concerns, accidents, and information security problems. The company has adopted the following measures to counter these risks.

Basic Principles and Structure for Risk Management

  • In addition to the basic policy for risk management to ensure the business continuity and stable development, Komatsu has established Risk Management Rules to correctly recognize and manage risks.
  • Komatsu has established a Risk Management Committee to devise relevant policies for the entire Komatsu Group, to review the risk management system, and evaluate and improve upon response measures in place for each risk, and take control of risks when they arise. The Risk Management Committee regularly reports on its deliberations and activities to the Board of Directors.
  • Komatsu will establish an emergency headquarters when serious risks occur and implement appropriate measures to minimize damage.

Implementing a Business Continuity Plan for Komatsu

In order to quickly confirm the safety of employees and their families in the event of an accident or disaster, and to be able to continue or quickly restart important business operations, Komatsu has formulated a Business Continuity Plan (BCP). In addition, at our head office buildings and at all production plants, we assume the possible occurrence of earthquakes and conduct regular training so that in the event of an actual disaster everyone one will be able to act quickly and appropriately. Furthermore, at our production plants, we are working on seismic strengthening for buildings and equipment, as well as reinforcement against damage from torrential rains, according to the production plant's plans. Also, in case of an outbreak or epidemic of a new type of influenza, we will establish a special committee and take appropriate measures. For our employees we will compile a manual with information regarding preventative measures and what action to take in case of infection, and also have training sessions to promote thorough understanding.

BCP Initial Response Training at the Head Office

BCP Initial Response Training at the Head Office

BCP Training at the Awazu Plant (Ishikawa Prefecture)

BCP Training at the Awazu Plant (Ishikawa Prefecture)

Promoting Risk Management throughout the Group

To reinforce the risk management structure across the Group, Komatsu is establishing a route for risk reporting, creating a risk management manual, as well as refining the level of risk management at each Group company through explanatory meetings and study sessions on risk management and BCPs. Additionally, Komatsu is strengthening its Group-wide system for emergency contact function by introducing safety confirmation systems, broad-area wireless devices, and conducting regular training for safety reporting and communication.

Conducting CR Audits

As a part of our risk management activities, Komatsu has been conducting compliance and risk audits (CR audits) since FY2008. This is to cover areas that are not included in the SOX Act (Sarbanes-Oxley Act. Internal control rules to prevent accounting fraud) audits, with the goal to visualize compliance risk potentials within the company. Internal audits are conducted by our internal specialist team at our main sites, including those overseas. The list of items to be audited are 1. Safety, 2. Environment, 3. Labor, 4. Finance and Treasury, 5. Quality Assurance and Recall, 6. Vehicle inspections and specific voluntary inspections (inspections done on construction equipment, similar to vehicle inspections), 7. Export Control, 8. Information Security, and 9. Anti-monopoly Act.
Through these activities, we aim to better our levels of control and compliance awareness at each company, in every department. Going forward, we would like to improve our case-by-case audit method, and increase the operational level of CR audits as a part of risk management functions.


Strengthening Information Security

Strengthening Information Security

Komatsu is developing an information security structure for the entire Group, placing the Information Security Committee at its center. As one sphere of this structure, the Company distributes an Information Security Guidebook to all employees. In conjunction with this, it provides education and awareness-raising activities based on the Guidebook, with the belief that it is essential to raise individual employee consciousness of information security. In addition, the company is developing a structure to protect information from being falsified, leaked, or lost, even against cases of negligence or outside intrusion. The company is also conducting information security audits, to ensure that these measures are working effectively, and to detect and address any problems.

Perception of Risk for Human-Rights Issue

Komatsu signed the United Nations Global Compact in 2008. In an effort to tackle one of its main principles, the issue of human rights, in 2014, with the help of external experts, Komatsu conducted a human rights risk assessment for all our construction/mining equipment and forestry machinery businesses world-wide. The results showed that the degree of urgency for problems occurring is low, while the degree of effect if a problem does occur is moderate.
Komatsu understand that it is important to not only focus our efforts on Komatsu alone, but to consider the implications for our partner companies, such as our parts suppliers, as well as our network of distributors that provide products and services to our customers. Going forward, we would like to work towards having full awareness for our entire supply chain.