Growing with Society

Risk Management

The Komatsu Group recognizes all uncertainties that could threaten the Group's sustained growth as risks, particularly compliance issues, environmental issues, product quality concerns, accidents, and information security problems. The company has adopted the following measures to counter these risks.

Basic Principles and Structure for Risk Management

  • • In addition to the basic policy for risk management to ensure business continuity and stable development, Komatsu has established Risk Management Rules to correctly recognize and manage risks.
  • • Komatsu has established a Risk Management Committee to devise relevant policies for the entire Group, review the risk management system, and evaluate and improve upon response measures in place for each risk, as well as to take control of risks when they arise. The committee regularly reports on its deliberations and activities to the board of directors.
  • • Komatsu will establish an emergency headquarters when serious risks occur and implement appropriate measures to minimize damage.

Risk Management Structure


Systems and Status in FY2015

Implementing a Business Continuity Plan for Komatsu

In order to quickly confirm the safety of employees and their families in the event of an accident or disaster, and to be able to continue or quickly restart important business operations, Komatsu has formulated a business continuity plan (BCP). In addition, at our head office buildings and all production plants, we assume the possible occurrence of earthquakes and conduct regular training so that in the event of a disaster everyone will be able to act quickly and appropriately. Furthermore, at our production plants, we are working on seismic strengthening for buildings and equipment, as well as reinforcement against damage from torrential rains, according to the production plant's plans. Also, in case of an outbreak or epidemic of a new type of influenza, we will establish a special committee and take appropriate measures. For our employees we have compiled a manual with information regarding preventative measures and what actions to take in case of infection, and we also provide training sessions to promote a thorough understanding of these measures.

image  image
Oyama Plant and Tochigi Plant combined BCP Training

Promoting Risk Management throughout the Group

To reinforce the risk management structure across the Group, including overseas subsidiaries, Komatsu is establishing channels for risk reporting, creating a risk management manual, etc. Also Komatsu is conducting BCP initial response training at the sales and service bases in Japan to raise the level of risk management and response to disasters. Additionally, Komatsu is strengthening its Group-wide system for contacting employees during an emergency by introducing safety confirmation systems, broad-area wireless devices, and conducting regular training for safety reporting and communication.

Conducting Compliance and Risk Audits

As a part of its risk management activities, Komatsu has been conducting compliance and risk audits (CR audits) since FY2008. These cover areas not included in the J-SOX audits, which are conducted in accordance with the Financial Instruments and Exchange Act of Japan to evaluate internal controls related to financial reporting and identify potential compliance risks within the company, with a particular focus on confirming and evaluating the status of legal compliance. Our internal specialist team conducts the internal audits at Komatsu and its Japanese and overseas affiliates, as well as at sites operated by independently-owned distributors.
The audited items are: 1. Safety; 2. Environment; 3. Labor; 4. Finance and Treasury; 5. Quality Assurance and Recall; 6. Vehicle Inspections and Specific Voluntary Inspections (inspections done on construction equipment, similar to vehicle inspections); 7. Export Control; 8. Information Security; and 9. Anti-monopoly Act.
Through these audits, we strive to raise the control and compliance awareness levels at each company and in every department. Going forward, we would like to improve our case-by-case audit method and raise the operational level of CR audits as a part of risk management functions.

Strengthening Information Security


Komatsu is developing an information security structure for the entire Group, placing the Information Security Committee at its center. As one sphere of this structure, the company distributes an Information Security Guidebook to all employees. In conjunction with this, it provides education and awareness-raising activities based on the Guidebook, with the belief that raising individual employee consciousness of information security is essential. The company is developing a structure to protect information from being falsified, leaked or lost, even in cases of negligence or outside intrusion. In addition, it is conducting information security audits to ensure that these measures are working effectively and to detect and address any problems.

Human Right Management Issues

Komatsu signed the United Nations Global Compact in 2008. In an effort to apply its major principles for protecting human rights, Komatsu with the help of external experts conducted a human rights risk assessment for all of its construction/mining equipment and forestry machinery businesses worldwide in 2014, referring to the Universal Declaration of Human Rights and the U.N. Guiding Principles on Business and Human Rights.
The results showed that the degree of urgency for problems occurring is low, while the degree of effect if a problem does occur is moderate. They also pointed to the need for Komatsu to move beyond its current assessment efforts toward evaluating the activities of partner companies, such as parts suppliers and our network of distributors that provide products and services to our customers. In light of the results, we intend to continue implementing the necessary measures.


Record of BCP Training

DateBusiness SiteContent of Training
July 2015Business sites in JapanCommunication training with broad-area wireless devices
September 2015Hakozaki Office (Fukuoka)BCP Initial Response
October 2015Oyama-Tochigi PlantBCP Training
October 2015Komatsu NTC (Toyama)BCP Training
October 2015Gigaphoton (Tochigi)BCP Training
November 2015Shonan PlanBCP Training
November 2015KELK (Kanagawa)BCP Training
November 2015Head OfficeBCP Initial Response
November 2015Head OfficeSafety Reporting
March 2016All Group companies in JapanSafety Reporting
March 2016Business sites in JapanCommunication training with broad-area wireless devices

Implementation of Compliance and Risk Audits


Employee Education (Information Security)

Name of CourseTarget
New Employee TrainingNew hires (both new graduates and experienced hires)
e-learning Information Security (Basic Course)All employees who use PCs at work
e-learning Information Security (Management Course)All managers (line managers such as GMs and section mangers)