“We place safety before everything else.” This is the Nitto Group's Corporate Philosophy, upon which its Basic Policy on Internal Control is formulated. Accordingly, the Nitto Group is accurately identifying significant risks in business activities. At the same time, it is also building a system to respond appropriately to risks that may surface.
The Nitto Group promotes risk management for significant risks under the risk management system specified in the “Basic Policy on Internal Control.”
The management identifies significant risks that may materially affect investors’ decision-making. Risks associated with business operations are categorized as “business risks” and managed by the business execution departments, while other risks that may affect the entire Group are categorized as “operating risks” and managed by special function departments.
To monitor risks globally, we appoint regional managers for each major overseas geographic region to develop a regional monitoring function.
The first line, comprising domestic and overseas group companies, directly manages major risks through daily business operations. The second line, including special function departments, regional management, and business execution departments, monitors these risks and reports signs of occurrence and the status of risk management to the Corporate Strategy Meeting. In addition, the third line, represented by the internal audit department, conducts independent audits. This structure reflects our adoption of the Three Lines of Defense model.
The major risks are selected by the officer in charge of risk management and the department in charge of risk management after gathering opinions from Directors, the responsible department, the audit firm, analyzing the agenda and deliberation topics at the Board of Directors and the Corporate Strategy Meeting, and deliberating at the Corporate Strategy Meeting.
The selected risks are managed by each responsible department and reported monthly at the Corporate Strategy Meeting, which is attended by Directors and Executive Officers. These reports include risk information such as Key Risk Indicators (KRIs). At the meeting, the necessity of updating the risk map — plotted with “impact” on the vertical axis and “probability” on the horizontal axis — is also reviewed, and updates are made as needed. The results of the deliberations are immediately instructed to each responsible department, which promptly implements measures, strengthens controls. Eventually, those are reported back again to the Corporate Strategy Meeting with respective actions and remediation status, making the group’s risk management more effective.
Furthermore, based on the management framework for key risks, the implementation of controls and countermeasures, and the occurrence and response to incidents, each responsible department conducts a self-assessment of risk increases or decreases from the beginning of the fiscal year. These assessments are then independently evaluated by the department in charge of risk management and the executive officer responsible for risk management, in accordance with evaluation criteria, and reported to the Corporate Strategy Meeting and the Board of Directors.
In addition, each responsible department clearly defines its risk appetite (tolerance level) for the business risks it manages. The criteria for determining risk tolerance vary by risk type. For example, in the case of investments, decisions are made based on profitability assessments, while in research and development, the commercial viability and business potential are examined in light of market uncertainty. Risk tolerance is determined based on judgment criteria appropriate to each phase.
*The arrow indicates the change in risk from the beginning of the period (↗: Increase in risk, →: No change, ↘: Decrease in risk)
Click here to the details of Associated Business Risks
The Nitto Group works to instill a culture of risk management as the basis for sustainable business activities. We put in place the following measures, among top management and all employees, to raise awareness across the entire group and to cultivate the capacity for swift and appropriate responses.
Under our Basic Policy on Sustainability, we inform all employees of our Basic Policy on Internal Control (This includes our system for promoting compliance and risk management.). We also provide education on the following.
Through risk management education for responsible persons at Group companies, we aim to enhance Internal Control by preventing misconduct, scandals, and trouble, as well as quickly correcting incidents, and build a network in which collaboration and consultation with related parties along each functional line is possible. By doing so, we are creating a system that can respond to risks.
To ensure prompt and appropriate responses in the event of a serious crisis, we conduct Emergency Headquarters training involving the President and executive officers.
Each site formulates emergency action plans based on natural disasters specific to its region. Regular education and training are provided to all employees. Issues identified through training are systematically addressed and improved in accordance with the characteristics of each site.
We aim to ensure safety and maintain or improve quality based on ISO9001 requirements, through product design and quality management that consider financial risks, risks related to chemical substance regulations, and other risks.
If a large-scale disaster or serious accident occurs, a system developed by the Nitto Group immediately contacts top management. Employees are informed of this in the Emergency & Incident Reporting Guidebook. When Nitto’s President decides that doing so is necessary, Emergency Headquarters will be immediately established. While information on the state of damages and the impact of the event is collected and analyzed, all afflicted group companies and bases will receive support from the whole Nitto Group.
For the continuation of business activities in spite of the various risks surrounding the Nitto Group, related to business, society, environment, and disasters, we have stipulated the following four policies in our business continuity plan.
By following the four basic policies of the PDCA cycle, we perform business continuity management (BCM) activities with a close connection between disaster mitigation (disaster prevention and damage minimization efforts) and quick recovery.
Measures are in place to minimize personal and property damage caused by natural disasters such as major earthquakes, fires, and flooding, as well as infectious diseases not only internally but also externally.
Emergency action plans for each type of disaster have been established, and top management as well as all employees regularly engage in education and training.
Nitto Group's core businesses and important tasks are clarified, a target restoration time is set, and an emergency plan of action is formulated damage is confirmed and customers are contacted.
A common action plan is formulated based on common themes that all target businesses and tasks share, as well as individual plans, which are tailored to individual needs for functions such as IT and distribution.
Emergency plans of action are tested periodically through disaster prevention training, and improvements are made based on the results. Our core businesses and important tasks are revised on a periodic basis as well.
