- HOME
- Sustainability
- Governance
- Risk Management
Risk Management
Our Basic Principle
YKK AP has designated several material issues (high priority topics) that are key to driving its sustainable growth; one of these issues is "Resilient Business Foundation". To strengthen our system of risk management and establish a governance structure for times of emergency, we are developing and implementing regulations through crisis management committees under the leadership of the chief risk officer (CRO). We enhance our resilience by enhancing collaboration between the committee and each department, preparing a business continuity plan (BCP) during peacetime, and ensuring smooth operation during emergencies.
Strengthening of the risk management system
YKK AP has formed five risk committees to enhance the risk management system and establish a governance system for emergencies. We have also created regulations for each committee and are operating them accordingly. We will enhance our resilience by strengthening cooperation between individual divisions and the Risk Management Committee, preparing a business continuity plan (BCP) for ordinary circumstances, and ensuring smooth operations in the event of an emergency.
Risk map development and selection of key risks
We assess the risks surrounding the business and create a risk map according to changes in the environment, the urgency of response to the risks, and the expected scale of damage. Even after creation, we reviewed our risk map from the following three perspectives: (1) reviewing risk items including key risks, (2) clarifying risk levels, and (3) identifying efforts by related divisions to address key risks. Risks that have a significant impact on our business are positioned as key risk items were upgraded in risk rank, and specific measures are now being implemented.
Response to main key risks
Threat of natural disasters (earthquakes, tsunamis, typhoons, torrential rains)
External environment and potential risks
Damage caused by large-scale earthquakes, windstorms, or flooding at our business sites, or similar damage at our business partners, etc., may lead to slowdowns in our business activities.
Natural disasters may result in the death or injury of employees, damage to facilities, etc., leading to reduced production capacity, as well as replacement and restoration costs for equipment, company buildings, warehouses, and production lines, etc. In addition, there is a risk that business activities may be hampered by outages to critical infrastructure and disruptions to logistics. These slowdowns may lead to customers and business partners moving to competitors.
Initiatives
- In the event of a disaster, a company-wide BCP task force headed by the president is established. BCM Committee members will serve as the heads of BCP task forces for their respective functions, and will oversee, direct, and generally manage the emergency response.
- The Crisis Management Committee, which oversees the entire company as an organization to deliberate and decide on policies and measures for business continuity, with the head of each functional unit serving as a member of the BCM Committee, will be responsible for handling the situation.
Cyber attacks (information security)
External environment and potential risks
Company secrets and other confidential information may be lost or leaked due to computer virus infections, unauthorized access, or other causes. In addition, cyber attacks, outages of telecommunication services, etc., could bring down information systems and shut down all our businesses.
With the recent progress of DX and the expansion of remote work, information systems have more network connection points with internal and external parties than in the past. Environmental changes have heightened the possibility of disruption of business activities due to forced shutdowns or loss of corporate secrets, etc., caused by malicious external intrusion into information systems.
Initiatives
- Establish and operate an IT-BCP (including at domestic and overseas affiliated companies)
- Implement IT security management measures (cyber security and SIRT response)
- Strengthening response by setting up subcommittees in the Information Security Committee for specific roles.
BCP initiatives
In preparation for disaster and risk occurring, we have formulated BCPs at all locations in Japan and overseas. In addition, for the purpose of prompt implementation of the BCPs, we reviewed and updated the Business Continuity Management (BCM) Regulations. We plan to further instill this along functional axes and on a regional site basis.
We carry out regular disaster drills every year to increase the effectiveness of the BCPs. In addition, in response to changes in work styles, such as telecommuting and commuting directly between home and work sites, the CRO led the distribution of a "Natural Disaster Risks and Countermeasures" video via a web-based internal newsletter.
We are also enhancing our ability to quickly identify and address risks in procurement. In addition to purchasing materials from multiple suppliers, understanding and improving the supply chain, and securing inventories of critical management items in case of emergencies, the research and development, manufacturing, and purchasing divisions work together to set up alternative sources of supply, and other efforts taking the BCP into account are conducted from the product development phase.
Resilience Certification
To recognize our series of initiatives on risk management, YKK AP has been certified as a business operator that meets the "Resilience Certification" requirements for Business Continuity and Social Contributions from the Association For Resilience Japan.
About the Resilience Certification
This program certifies corporations and organizations that endorse the Cabinet Secretariat's National Resilience concept, and are actively engaged in business continuity initiatives, as organizations that are helping build national resilience. The Association For Resilience Japan reviews and certifies organizations according to requirements set by the Cabinet Secretariat's National Resilience Promotion Office. Its goal is to build a more resilient society as a whole by promoting and expanding proactive initiatives by corporations and organizations for business continuity (self-reliance) and social contribution (public assistance).
