Risk Management

Basic Concept:
Enhancing corporate value and meeting the expectations of society

We aim to continuously improve our corporate value by using integrated risk management to keep risks, the uncertain factors in achieving our business plan across the entire group, within expectations.
Specifically, we are working on risk management for the entire company based on the following items as a basic approach in accordance with the "Risk Management Rules" that apply to JTEKT and its group subsidiaries.
1. Preventing and reducing risks that have a significant impact on management
2. Establishing a system to minimize damage in case of crisis

Promotion Structure

We have established a risk management committee chaired by the CRO (Chief Risk Officer), who is responsible for risk management. We have established a system to effectively and regularly update risk assessments and responses that incorporate external/internal environmental changes and are implementing follow-up measures to ensure that they are firmly established.
In addition, when a crisis occurs, we establish a crisis management headquarters according to the degree of impact and respond to the crisis.

Clarification of Risk Appraisals and Response

At JTEKT, an annual risk assessment is carried out for each sector of business, function, and region. We assess risks associated with 1) legal regulations and related violations, 2) damage to credit and reputation, 3) operations, 4) strategic issues, and 5) governance. This is done using a comprehensive risk register, evaluating the importance and probability of occurrence, and formulating preventative actions and response plans. Particularly critical risks are managed across the group under the oversight of the risk supervisor, with departments working in collaboration. Their progress is monitored and deliberated within the Risk Management Committee.

Corporate-wide Primary Risks

The Corporate-wide Primary risks for fiscal year 2025, as identified through deliberations by the Risk Management Committee, are as follows:

①Acceleration of Digitalization
Background
・Decline in demand for internal combustion engine (ICE) vehicles due to stricter environmental regulations and shift to battery electric vehicles (BEVs)
・Growing importance of digital technologies such as software-defined vehicles (SDVs)
Potential Impact
・Decreased demand for ICE-related components
・Risk of losing competitiveness if unable to meet the technological, speed, and cost demands of emerging automobile manufacturers
JTEKT Group Response
・Management-led digital transformation (DX) with clear goals and talent allocation
・Active Research and Development (R&D) of innovative and attractive new products and technologies

②Human Capital Management
Background
・Shortage of key talent needed for growth (business planning, leadership, speed)
・Skill gaps, especially in DX and Software skills
・Insufficient linkage between business and HR strategies
Potential Impact
・Inability to secure, develop, and retain talent may hinder progress in key focus areas
JTEKT Group Response
・Centralized HR data and talent portfolio development
・Employer branding
・Promotion of Diversity, Equity, and Inclusion (DE&I)
・Enhanced training for software talent

③Cyber Attack
Background
・Cybersecurity is not just an IT issue but a core part of corporate strategy
・Cybersecurity is essential for risk management and business resilience
Potential Impact
・Business disruption
・Customer production line stoppages
・Fines for GDPR violations
・Loss of trust due to data breaches
JTEKT Group Response
・Secure IT infrastructure across the group
・Strengthened regional governance
・Crisis training involving top management

④Sustainability Integration
Background
・Increasing global requirements for sustainability disclosures
・Challenges in managing and ensuring accuracy of data across the value chain
Potential Impact
・Reputational damage due to disclosure errors or omissions
JTEKT Group Response
・Enhanced systems and processes for sustainability data management
・Preparation for third-party assurance of sustainability data

⑤Large-Scale Earthquake
Background
・Japan is one of the most earthquake-prone countries
・High probability of a Large-Scale Nankai Trough earthquake in the coming decades
Potential Impact
・Difficulty ensuring employee safety and confirming their status
・Damage to production and logistics bases
・Supply chain disruptions
JTEKT Group Response
・Establishment of initial response headquarters adaptable to multiple disaster scenarios

⑥Quality Fraud, Data Tampering
Background
・Compliance with quality regulations is directly linked to trust from customers and communities
・Increasing demand for strict quality control
Potential Impact
・High costs from recalls
・Loss of customer trust and business performance
・Damage to corporate reputation and brand value
JTEKT Group Response
・Reforming organizational culture to emphasize psychological safety
・Anonymous surveys and workplace engagement
・Ongoing training for middle managers on corporate philosophy
・Cross-departmental quality system audits

Enforcement of Immediate Reporting

Since 2015, we have expanded the scope of immediate reporting, which requires prompt reporting once a compliance issue is identified. We are also working on thorough enforcement of operational rules and on establishing a system to ensure that the first report after other risks are identified is promptly communicated.

Information Security

In today's corporate activities, effective utilization of information systems and transformation through digital transformation (DX) are increasingly required. At the same time, unforeseen information security risks--such as sophisticated cyberattacks and internal information leaks--are growing year by year. In response to unauthorized access incidents within our group in October 2024, we are further strengthening our efforts to enhance information security.
As a manufacturing company, we also recognize our responsibility to implement security measures for the products we deliver to our valued customers (product security), and to ensure the stable operation of our production lines (Manufacturing Equipment security). In today's business environment, where sustainability is of paramount importance, it is essential to avoid and minimize these risks that could significantly damage our corporate value.
Given this background, we have appointed a Chief Information Security Officer (CISO) and established a specialized department dedicated to information security (Information Security Management Department). We are working based on the "JTEKT Group Information Security Policy" to maintain an appropriate information security framework and further improve our security level.

Initiatives to Strengthen Information Security

①Enhancement of Security Governance
Under the CISO and the Information Security Management Department, we are working in collaboration with each division and function to ensure the safe use of various information technology systems, as well as the safety verification of IT systems embedded in our products. We also collect and share information on potential threats across the entire group to build a framework that enables early detection and response.
In addition, to prevent the leakage of confidential information and protect our information assets from cyberattacks, we conduct on-site inspections and provide improvement guidance to our internal departments and consolidated subsidiaries based on industry guidelines. Through these efforts, we are committed to the continuous maintenance and enhancement of our information security.
②Compliance with Global Standards
We are establishing a management framework in line with global standards such as ISO 27001 and the legal regulations of each country.
③Development of Security Personnel
To manage and protect company-wide information assets and to enhance employees' security awareness and literacy, we assign Information Security Leaders to each department. These leaders help develop security personnel through tiered training programs tailored to the types of information assets handled and the roles within each workplace.
Furthermore, we are promoting the assignment of Information Security Supervisory Leaders to each division within the company, and we are also planning to assign Information Security Leaders to domestic and overseas group companies.
We are strengthening the development of security personnel so that each employee can serve as the "last line of defense."
④Preparedness for Security Incidents
We have established specialized teams to respond to security incidents:
CSIRT (Computer Security Incident Response Team), which handles responses when a security incident occurs within internal systems.
PSIRT (Product Security Incident Response Team), which addresses risks such as product vulnerabilities when they are identified.
⑤Support Across the Entire Supply Chain
To protect the entire supply chain--including suppliers--from the risk of cyberattacks, we conduct both document-based and on-site inspections in collaboration with the procurement department, in addition to supporting group companies. These inspections are carried out based on established guidelines.
The results of these inspections are shared with suppliers, and for key suppliers with identified issues, we provide follow-up and support to address necessary improvements. Furthermore, we share information about recent incidents among relevant parties to prevent recurrence and strengthen security across the entire supply chain.
⑥Initiatives to Address Future Threats
We implement various security measures to protect access to all information assets. In order to respond flexibly to emerging threats, we actively gather information from industry organizations and public-private partnership groups. Through these efforts, we aim to build a safe and secure information infrastructure.

Countermeasures for a Large-scale Disaster

Among the various risk responses the JTEKT Group promotes are those for large-scale disasters, which have a particularly heavy impact on the continuity of business activities. In accordance with the formulated Basic Policy for JTEKT Group BCP*, JTEKT is promoting countermeasures for both tangible and intangible aspects, such as confirming the safety of employees, emergency training, measures to mitigate disaster-related damage in households assuming various regional disaster risks, and preparation for the early restoration of product supply.

* BCP: an abbreviation of Business Continuity Plan