Risk Management

TOTO Group Risk Management Policy

The TOTO Group strives without limit to eliminate all causes of hindrances to the implementation of management policies in order to maintain the confidence of society through the fulfillment of its corporate social responsibilities. In cases of unexpected problems, maximum efforts will be made to minimize various effects on stakeholders and to restore confidence of related parties by developing appropriate preventive measures.

System of Promotion

The TOTO Group’s risk management system consists of the Board of Directors, which has comprehensive responsibility for risk management, and the Risk Management Committee (held four times a year, in principle), which translates the strategic direction shown by the Board of Directors into specific policies and procedures and puts these policies into action. (The Risk Management Committee is included in the Other Meeting and Committee category of the Corporate Governance and Business Operations chart.)
To ensure fairness, objectivity and transparency, ultimate decision-making authority is given to the Board of Directors, which includes independent outside directors, who are nonexecutive directors. Under its control, the Risk Management Committee assumes responsibility for regular reporting and risk monitoring.
The Risk Management Committee chaired by the Director, Senior Managing Executive Officer under the supervision of the Representative Director, President consists of executive officers and division heads, and the Risk Management Supervising Division General Manager appointed by the Committee works with all divisions and the Group companies through various committees and meetings and strives to improve risk prevention activities and capabilities to respond to risks in accordance with the risk management rules.
In addition, in order to establish a higher level of internal audit system and further enhance the audit, we established an Internal Audit Office which is independent of the operational divisions, in addition to the audits by the Audit & Supervisory Committee and by accounting auditors. The Audit & Supervisory Committee, accounting auditors and members of the Internal Audit Office conduct audits (three-party audit system) to evaluate and improve the effectiveness of risk management processes, prevent risks from occurring and minimize risks.

System Diagram of Corporate Governance and Business Operations

Risk Management Promotion Structure

Risk Management Action Cycle

Top Management Roles and Responsibilities

1. Building and penetration of the risk management system
2. Confirming and evaluating the validity of the risk management system
3. Providing the needed management resources to achieve the above

Risk Management Committee Roles and Responsibilities

    Promotion of Risk Management

1. Discussing and determining goals and direction of risk management
2. Progress and follow-up on risk management
3. Risk detection and evaluation, creating a risk map and prioritizing risk
4. Improving risk awareness and knowledge
5. Promoting monitoring and audits
6. Risk Management Report to Board of Directors

Major Risks in Fiscal 2025

Every year, major risks that could have a significant impact on stakeholders are identified, and a general manager of the risk management supervision division is appointed for each risk in order to take preventive measures. Each major risk is mapped out on a matrix evaluating degree of impact and frequency of occurrence from the viewpoints of damage to the brand, impact on personnel, and financial consequences along an assumption scenario, and monitored by the Risk Management Committee, and risk mitigation activities are promoted throughout the entire Group. (Risk Management Committee meeting is held four times a year) There is no change in the risk assessment in FY 2025 from FY 2024.

Principal Major Risks

Details of the scenario for significant risks identified by the Group and the measures to address them are provided on the Business Risk page of our website.

BCP & BCM activities

TOTO has a business continuity plan (BCP) to help achieve early resolution and keep damage to a minimum, should a risk materialize. When the Great East Japan Earthquake occurred in March 2011, a countermeasures headquarters was immediately set up to help continue business operations, minimize damage and keep inconvenience to customers to a minimum. Our efforts in this respect were recognized by the Business Continuity Advancement Organization (BCAO) when we won the Grand Prize at the 2011 BCAO Awards for having the best business continuity measures in place.

Response to large-scale disasters risks

Following the Great East Japan Earthquake, risks in the procurement of important parts and power restrictions have become evident. We have therefore strived to improve our business continuity management (BCM) by, for example, taking measures in advance. We also established a task force immediately after the Kumamoto Earthquake in April 2016 in an effort to ensure the continuity of our businesses and minimize damage. In case of a major earthquake directly hitting central Tokyo or the Nankai megathrust earthquake, we will strengthen our internal system in accordance with the review of the assumptions, which is to be announced, and we will review our contingency plans to react to the disaster and continue our businesses.

Response to the climate change

We recognize that climate change is an emerging risk that possibly has an impact on our future business activities because of the frequently happening devastating extreme weather events these days that are likely caused by the global warming, as well as the strengthening of regulations for climate change.

The TOTO Group performs scenario analysis for social situations and business impact up to 2030 based on the TCFD recommendations and implements measures to mitigate climate change risks from the product, manufacturing, and logistics points of view.

Response to Intensifying competition to recruit human resources

The TOTO Group regards human resources as one of the most important assets and expresses them in the Group as human assets.
We believe that it is important for a company’s continued success in the future that its human resources enhance their capabilities and make ongoing contributions to the company. Failure to continuously secure and develop excellent human resources could adversely affect the Group’s business, financial condition and management performance.
As a part of its management resource innovation activities, the TOTO Group is promoting initiatives to realize a company where diverse human resources come together and where employees feel secure and energized to take on challenges and are proud to continue working. In addition to recruiting new graduates, the Group is positively using various methods including direct recruitment and referral, in order to strengthen its ability to recruit experienced personnel, including highly skilled professionals.

Response to Rapid technology innovation

If there is rapid technological innovation in the TOTO Group’s business domain and other companies further improve their productivity and competitiveness, which have already been ahead of us, or create new business models, the Group’s competitive advantage may be relatively reduced, which may have an adverse effect on our business performance and financial condition.
Since its establishment, the TOTO Group has been actively working to create products by organically combining technologies cultivated through various research and development activities, to strengthen product development capabilities by fusing underlying and digital technologies, and to improve productivity through production and manufacturing innovation activities in order to create new customer value. 

Emergency contacts

Systems and measures to be activated in the event of a crisis are defined in the Rules for Risk Management. Furthermore, in order to prevent delays in the initial response, we have established a group unified crisis emergency contact that can be contacted by phone and e-mail regardless of whether the time is a weekday, holiday, or day and night, and we have established a smooth emergency response system.

Also, to prevent employees and their families from disaster and critical events, we provide workers in the group with portable the Emergency Response Card that contains guidance concerning earthquake preparation, initial response to earthquakes, and emergency contacts to ensure that they should provide them with a preliminary report.

Proactive risk communication

Risk management training is provided to all new section managers, new department general managers and new group company presidents. Corporate internal communication sites contain descriptions of risk management activities on web pages dedicated to risk management, risk trends, emergency response manuals and a variety of other information available for viewing by all group personnel.

Of particular note are the dedicated sites in the corporate homepage in 2011 when the Great East Japan Earthquake struck to facilitate communication in easy-to-navigate categories such as damage to those affected, response policy and daily progress. We strive to promptly disclose information on the status of efforts by the company through a news release and other media in the event of an emergency situation.

Practical risk simulations

Real-time risk simulations

 

To improve our prevention and response capabilities to major risks, we have been carrying out practical risk simulations targeting all workplaces, including overseas.

Especially when a disaster occurs, flexible decision-making and execution in response to the disaster situation that change by the minute are required. On the occasion of the Great East Japan Earthquake we introduced the Real-time Risk Simulation utilizing a mock disaster exercise in FY 2011, and finished the training for all our business sites. In addition, we conducted the Management Risk Response Simulation for Directors and Division General Managers with the theme of the Tokyo metropolitan area shattered by an earthquake. In the simulation, we shared the direction for business continuity with the participants reviewing "what to do when it occurs" against unforeseeable management risks in advance and recognized that Directors and General Managers of Divisions themselves make prompt decisions when a disaster occurred. Subsequently, we are continuing the training especially in the areas where the Metropolitan Area Earthquakes or the Nankai Megathrust Earthquakes would affect. Outside Japan, we have been conducting risk simulations while changing sites and themes. The total number of the trainings from FY 2005 to the previous fiscal year was more than 180 times.

TOTO Group Security Policy

The TOTO Group recognizes that the protection and appropriate safety management of its information assets and all other management assets held by the TOTO Group is an extremely important social responsibility. The TOTO Group ensures that all of its employees understand this policy, strives to provide products and services that customers feel secure using, and continuously improves its security. Through these efforts, The TOTO Group aspires to be a company that is trusted by its customers.

The TOTO Group operates a security management system based on the TOTO Group Security Policy which sets out the basic requirements for the system. TOTO Group Information Security Manager is the Director of TOTO Information System Planning Division. The division responsible for information security conducts risk assessments, sets objectives, formulates an implementation plan and puts it into operation in cooperation with the Internal Audit division.

In fiscal 2012, we changed notations/definitions and methods of displaying different types of confidential information, reviewed our rules on confidential information and drew up new guidelines.

In fiscal 2014, regulations were strengthened by adding certain restrictions regarding laws concerning use of personal devices and media on company sites as a measure to improve information security. Each division and Group company has set up an information security management organizational chart, a confidential information management ledger and a management status disclosure ledger, and was asked to perform a self-check (implementation rate 100%) on handling confidential information in accordance with the new rules and guidelines.

In addition, we implemented information security education through e-learning for all TOTO Group employees, including those of cooperating companies.

Privacy Policy

The TOTO Group recognizes that the protection and appropriate safety management of its customer information and all other personal information held by the TOTO Group is an extremely important social responsibility. The TOTO Group ensures that all of our employees understand this policy and implements measures for promoting protection of personal information. Through these efforts, The TOTO Group aspires to be a company that is trusted by its customers.

Responding to the Private Information Protection Law enforced in April 2005, the Basic Policy on the Correct Handling of Personal Numbers and Specific Personal Information enforced in October 2015, and the amendment to the Act on the Protection of Personal Information enforced in May 2017, we ensure employees thorough awareness of them through e-learning while reviewing our Personal Information Protection Guidelines when needed. We ensure thorough protection and management of personal information by establishing a management system in each division and group company basis and conducting voluntary self-inspections that include regular reviews of management records. We also conduct voluntary self-inspections at outsourcing companies when needed in order to ensure thorough management of them. We have developed a guideline for the GDPR, the Private Information Protection Law in Europe enforced in May 2018, that ensured thorough awareness of it across all sites, including overseas, and have taken the necessary actions at sites in EU region. We are currently working on responding to Personal Information Protection related regulations in other countries and regions.