Risk Management

TOTO Group Risk Management Policy

The TOTO Group strives without limit to eliminate all causes of hindrances to the implementation of management policies in order to maintain the confidence of society through the fulfillment of its corporate social responsibilities. In cases of unexpected problems, maximum efforts will be made to minimize various effects on stakeholders and to restore confidence of related parties by developing appropriate preventive measures.

System of Promotion

Our Risk Management Committee, chaired by the vice president, has as its members the executive officers overseeing major risks and division heads as members. In accordance with risk management rules, the Risk Management Supervising Division General Manager appointed to oversee risk management works with all divisions and Group companies through various committees and meetings to prevent risks and enhance the Group's risk management response capabilities.

Risk Management Action Cycle

Top Management Roles and Responsibilities

1. Building and penetration of the risk management system
2. Confirming and evaluating the validity of the risk management system
3. Providing the needed management resources to achieve the above

Risk Management Committee Roles and Responsibilities

    Promotion of Risk Management

1. Discussing and determining goals and direction of risk management
2. Progress and follow-up on risk management
3. Risk detection and evaluation, creating a risk map and prioritizing risk
4. Improving risk awareness and knowledge
5. Promoting monitoring and audits
6. Risk Management Report to Board of Directors

Major Risks in Fiscal 2023

Every year, major risks that could have a significant impact on stakeholders are identified and a general manager of the risk management supervision division is appointed for each risk in order to take preventive measures.

Each major risk is mapped out on a matrix evaluating degree of impact and frequency of occurrence from the viewpoints of damage to the brand, impact on personnel and financial consequences along an assumption scenario,and monitored by the Risk Management Committee, and risk mitigation activities are promoted throughout the entire Group.

Principal Major Risks

BCP & BCM activities

TOTO has a business continuity plan (BCP) to help achieve early resolution and keep damage to a minimum, should a risk materialize. When the Great East Japan Earthquake occurred in March 2011, a countermeasures headquarters was immediately set up to help continue business operations, minimize damage and keep inconvenience to customers to a minimum. Our efforts in this respect were recognized by the Business Continuity Advancement Organization (BCAO) when we won the Grand Prize at the 2011 BCAO Awards for having the best business continuity measures in place.

Response to large-scale disasters risks

Following the Great East Japan Earthquake, risks in the procurement of important parts and power restrictions have become evident. We have therefore strived to improve our business continuity management (BCM) by, for example, taking measures in advance. We also established a task force immediately after the Kumamoto Earthquake in April 2016 in an effort to ensure the continuity of our businesses and minimize damage. In case of a major earthquake directly hitting central Tokyo or the Nankai megathrust earthquake, we will strengthen our internal system in accordance with the review of the assumptions, which is to be announced, and we will review our contingency plans to react to the disaster and continue our businesses.

Response to the COVID-19 Pandemic

Headed by the president, COVID-19 Task Force was established in January 2020 and measures implemented.
We placed the highest priority on the safety of all stakeholders, including customers, suppliers and employees, when determining what measures should be implemented.
We also reflected government policies to cancel, postpone or downsize events, restrict business trip and implement other measures in stages.
In addition, we were strongly promoting work-from-home and staggered work hours to reduce infection risks.
When the parts supply delayed due to the stoppage of supplier’s plant operation, we made utmost efforts to minimize the influence on our business by securing alternative procurement measures.
At the same time, we were also working to expand our business by ensuring we capture business opportunities having arisen from the demand for, in particular, touchless products, driven by the increased awareness of hygiene triggered by the spread of the COVID-19 infection.  

Response to the climate change

We recognize that climate change is an emerging risk that possibly has an impact on our future business activities because of the frequently happening devastating extreme weather events these days that are likely caused by the global warming, as well as the strengthening of regulations for climate change.

The TOTO Group performs scenario analysis for social situations and business impact up to 2030 based on the TCFD recommendations and implements measures to mitigate climate change risks from the product, manufacturing, and logistics points of view.

Emergency contacts

Systems and measures to be activated in the event of a crisis are defined in the Rules for Risk Management. Furthermore, in order to prevent delays in the initial response, we have established a group unified crisis emergency contact that can be contacted by phone and e-mail regardless of whether the time is a weekday, holiday, or day and night, and we have established a smooth emergency response system.

Also, to prevent employees and their families from disaster and critical events, we provide workers in the group with portable the Emergency Response Card that contains guidance concerning earthquake preparation, initial response to earthquakes, and emergency contacts to ensure that they should provide them with a preliminary report.

Proactive risk communication

Risk management training is provided to all new section managers, new department general managers and new group company presidents. Corporate internal communication sites contain descriptions of risk management activities on web pages dedicated to risk management, risk trends, emergency response manuals and a variety of other information available for viewing by all group personnel.

Of particular note are the dedicated sites in the corporate homepage in 2011 when the Great East Japan Earthquake struck to facilitate communication in easy-to-navigate categories such as damage to those affected, response policy and daily progress. We strive to promptly disclose information on the status of efforts by the company through a news release and other media in the event of an emergency situation.

Practical risk simulations

Real-time risk simulations

 

To improve our prevention and response capabilities to major risks, we have been carrying out practical risk simulations targeting all workplaces, including overseas.

Especially when a disaster occurs, flexible decision-making and execution in response to the disaster situation that change by the minute are required. On the occasion of the Great East Japan Earthquake we introduced the Real-time Risk Simulation utilizing a mock disaster exercise in FY 2011, and finished the training for all our business sites. In addition, we conducted the Management Risk Response Simulation for Directors and Division General Managers with the theme of the Tokyo metropolitan area shattered by an earthquake. In the simulation, we shared the direction for business continuity with the participants reviewing "what to do when it occurs" against unforeseeable management risks in advance and recognized that Directors and General Managers of Divisions themselves make prompt decisions when a disaster occurred. Subsequently, we are continuing the training especially in the areas where the Metropolitan Area Earthquakes or the Nankai Megathrust Earthquakes would affect. Outside Japan, we have been conducting risk simulations while changing sites and themes. The total number of the trainings from FY 2005 to the previous fiscal year was more than 170 times.

TOTO Group Security Policy

The TOTO Group recognizes that the protection and appropriate safety management of its information assets and all other management assets held by the TOTO Group is an extremely important social responsibility. The TOTO Group ensures that all of its employees understand this policy, strives to provide products and services that customers feel secure using, and continuously improves its security. Through these efforts, The TOTO Group aspires to be a company that is trusted by its customers.

The TOTO Group operates a security management system based on the TOTO Group Security Policy which sets out the basic requirements for the system. TOTO Group Information Security Manager is the Director of TOTO Information System Planning Division. The division responsible for information security conducts risk assessments, sets objectives, formulates an implementation plan and puts it into operation in cooperation with the Internal Audit division.

In fiscal 2012, we changed notations/definitions and methods of displaying different types of confidential information, reviewed our rules on confidential information and drew up new guidelines.

In fiscal 2014, regulations were strengthened by adding certain restrictions regarding laws concerning use of personal devices and media on company sites as a measure to improve information security. Each division and Group company has set up an information security management organizational chart, a confidential information management ledger and a management status disclosure ledger, and was asked to perform a self-check (implementation rate 100%) on handling confidential information in accordance with the new rules and guidelines.

In addition, we implemented information security education through e-learning for all TOTO Group employees, including those of cooperating companies.

Privacy Policy

The TOTO Group recognizes that the protection and appropriate safety management of its customer information and all other personal information held by the TOTO Group is an extremely important social responsibility. The TOTO Group ensures that all of our employees understand this policy and implements measures for promoting protection of personal information. Through these efforts, The TOTO Group aspires to be a company that is trusted by its customers.

Responding to the Private Information Protection Law enforced in April 2005, the Basic Policy on the Correct Handling of Personal Numbers and Specific Personal Information enforced in October 2015, and the amendment to the Act on the Protection of Personal Information enforced in May 2017, we ensure employees thorough awareness of them through e-learning while reviewing our Personal Information Protection Guidelines when needed. We ensure thorough protection and management of personal information by establishing a management system in each division and group company basis and conducting voluntary self-inspections that include regular reviews of management records. We also conduct voluntary self-inspections at outsourcing companies when needed in order to ensure thorough management of them. We have developed a guideline for the GDPR, the Private Information Protection Law in Europe enforced in May 2018, that ensured thorough awareness of it across all sites, including overseas, and have taken the necessary actions at sites in EU region. We are currently working on responding to Personal Information Protection related regulations in other countries and regions.