The TOTO Group strives without limit to eliminate all causes of hindrances to the implementation of management policies in order to maintain the confidence of society through the fulfillment of its corporate social responsibilities. In cases of unexpected problems, maximum efforts will be made to minimize various effects on stakeholders and to restore confidence of related parties by developing appropriate preventive measures.
The TOTO Group’s risk management system consists of the Board of Directors, which has comprehensive responsibility for risk management, and the Risk Management Committee (held four times a year, in principle), which translates the strategic direction shown by the Board of Directors into specific policies and procedures and puts these policies into action. (The Risk Management Committee is included in the Other Meeting and Committee category of the Corporate Governance and Business Operations chart.)
To ensure fairness, objectivity and transparency, ultimate decision-making authority is given to the Board of Directors, which includes independent outside directors, who serve as nonexecutive directors. Under its control, the Risk Management Committee assumes responsibility for regular reporting and risk monitoring.
To make sure this company-wide risk management system is effective, the TOTO Group has established a robust management layer based on the COSO-ERM, which is an international framework.
The following three lines of defense complement one another:
Day-to-day risk management by risk owners in each division (Line 1); company-wide risk management by the Risk Management Committee and the General Risk Management Division, which is chaired by the Director, Senior Managing Executive Officer,Chief Financial Officer. The chairman has been delegated authority by the president.(Line 2); and an audit of progress and systems from an independent perspective by the Internal Audit Office, which is independent from the business operational divisions (Line 3).
TOTO’s all divisions and the Group companies work together through various committees to conduct risk prevention activities and improve their ability to respond to risks.
In addition, in order to establish a higher level of internal audit system and further enhance the audit, we established an Internal Audit Office which is independent of the operational divisions, in addition to the audits by the Audit & Supervisory Committee and by accounting auditors. The Audit & Supervisory Committee, accounting auditors and members of the Internal Audit Office conduct audits (three-party audit system) to evaluate and improve the effectiveness of risk management processes, prevent risks from occurring and minimize risks.
System Diagram of Corporate Governance and Business Operations
Risk Management Promotion Structure 
* Committee chairman : Director, Senior Managing Executive Officer, Chief Financial Officer
Committee Vice chair: Director in charge of general affairs
Committee members : Each division manager
Risk Management Action Cycle

Promotion of Risk Management
Every year, major risks that could have a significant impact on stakeholders are identified, and a general manager of the risk management supervision division is appointed for each risk in order to take preventive measures. Each major risk is mapped out on a matrix evaluating degree of impact and frequency of occurrence from the viewpoints of damage to the brand, impact on personnel, and financial consequences along an assumption scenario, and monitored by the Risk Management Committee, and risk mitigation activities are promoted throughout the entire Group. (Risk Management Committee meeting is held four times a year)
In addition to responding to major risks that have already emerged, we continuously monitor emerging risks, which are potential risks that could pose a significant threat to our business in the future, while highly uncertain at present, in accordance with the external insights, such as the World Economic Forum’s Global Risks Report.
Principal Major Risks
| Management risk | ・Intensifying competition to recruit human resources |
| Political, economic, social risk | ・Geopolitical disputes and security deterioration risks |
| Risk of disastor | ・Large-scale disasters |
| IT-related risk | ・Leakage of confidential and personal information |
Details of the scenario for significant risks identified by the Group and the measures to address them are provided on the Business Risk page of our website.
TOTO has a business continuity plan (BCP) to help achieve early resolution and keep damage to a minimum, should a risk materialize. When the Great East Japan Earthquake occurred in March 2011, a countermeasures headquarters was immediately set up to help continue business operations, minimize damage and keep inconvenience to customers to a minimum. Our efforts in this respect were recognized by the Business Continuity Advancement Organization (BCAO) when we won the Grand Prize at the 2011 BCAO Awards for having the best business continuity measures in place.
Following the Great East Japan Earthquake, risks in the procurement of important parts and power restrictions have become evident. We have therefore strived to improve our business continuity management (BCM) by, for example, taking measures in advance. We also established a task force immediately after the Kumamoto Earthquake in April 2016 in an effort to ensure the continuity of our businesses and minimize damage. In case of a major earthquake directly hitting central Tokyo or the Nankai megathrust earthquake, we will strengthen our internal system in accordance with the review of the assumptions, which is to be announced, and we will review our contingency plans to react to the disaster and continue our businesses.
We recognize that climate change is an emerging risk that possibly has an impact on our future business activities because of the frequently happening devastating extreme weather events these days that are likely caused by the global warming, as well as the strengthening of regulations for climate change.
The TOTO Group performs scenario analysis for social situations and business impact up to 2030 based on the TCFD recommendations and implements measures to mitigate climate change risks from the product, manufacturing, and logistics points of view.
For the Group’s manufacturing business, it is essential to obtain raw materials, parts, etc. in a stable and timely manner. In the event of a supply interruption due to geopolitical risks, a major disaster, the bankruptcy of a supplier, or other reasons, or if there is a sudden change in the balance of supply and demand that makes it difficult to procure materials, the Group may not be able to change or add suppliers, or switch to new raw materials or parts, in a timely manner. This could have an impact on the Group’s business, financial status, and operating performance.
In accordance with its procurement policy, the Group promotes the sustainable procurement of raw materials and parts on a global basis in collaboration with its suppliers. To improve its ability to respond geopolitical risks and to severe natural disasters in recent years, the Group has identified all parts it uses and their production bases, enabled rapid confirmation of disaster conditions through external services, and conducted disaster response simulations. These efforts have established a system that enables the Group to swiftly grasp the impact of the risks as they arise and implement appropriate measures in collaboration with suppliers. Furthermore, the Group is working to establish a stable supply system by deepening the level of anticipated risk scenarios. This includes securing an inventory that satisfies the BCP and establishing duplicate procurement channels in accordance with the recovery plan developed for each part.
The Group may handle customers’ personal information and other company’s information. There is a possibility that such information is leaked to outside the Group due to unforeseen situations. In such cases, the Group may incur significant expenses for compensating damages and other costs. This could have an adverse impact on the Group’s business activities and brand image. There is also a risk of unauthorized use of important confidential information by third parties. This could have an impact on the Group’s business, financial status, and operating performance.
The Group pays careful attention to maintaining the confidentiality of the information it holds, including customer information, and makes every effort to prevent information leaks. This includes implementing security measures such as access control, restrictions on taking information out of the office and prevention of unauthorized access, in accordance with the TOTO Group Privacy Policy, the TOTO Group Security Policy, and internal information security-related regulations, as well as monitoring of information security threats. The Group continuously provides security education and training for all employees to ensure they fully understand how to appropriately manage and use assets.
Systems and measures to be activated in the event of a crisis are defined in the Rules for Risk Management. Furthermore, in order to prevent delays in the initial response, we have established a group unified crisis emergency contact that can be contacted by phone and e-mail regardless of whether the time is a weekday, holiday, or day and night, and we have established a smooth emergency response system.
Also, to prevent employees and their families from disaster and critical events, we provide workers in the group with portable the Emergency Response Card that contains guidance concerning earthquake preparation, initial response to earthquakes, and emergency contacts to ensure that they should provide them with a preliminary report.
Risk management training is provided to all new section managers, new department general managers and new group company presidents. Corporate internal communication sites contain descriptions of risk management activities on web pages dedicated to risk management, risk trends, emergency response manuals and a variety of other information available for viewing by all group personnel.
Of particular note are the dedicated sites in the corporate homepage in 2011 when the Great East Japan Earthquake struck to facilitate communication in easy-to-navigate categories such as damage to those affected, response policy and daily progress. We strive to promptly disclose information on the status of efforts by the company through a news release and other media in the event of an emergency situation.
The TOTO Group places importance on establishing a risk culture, an organizational culture in which every employee properly recognizes and responds to risks appropriately. To prevent major risks and enhance our ability to respond to emergencies, we continuously conduct multifaceted training and practical simulations throughout the entire Group.
1. Practical Risk Simulations to Enhance Decision-Making and Execution Capabilities in Emergencies
1) Real-time Risk Simulations (Mock Disaster)
This simulation was introduced in fiscal 2011 in response to the Great East Japan Earthquake. Training sessions have been completed at all Group business sites both in Japan and overseas. We continue to conduct the simulations at overseas locations with different themes each time, in addition to domestic locations, particularly in the areas expected to be directly affected by a major earthquake beneath the Tokyo metropolitan area or the Nankai Trough earthquake. Since 2005, we have conducted more than 200 simulations.
2) Management Risk Response Simulations for Directors and Division Heads
We conduct simulations targeted at management and other responsible employees based on unforeseen scenarios, such as the devastation of the Tokyo metropolitan area. This program is to share the business continuity guidelines in advance, in other words, what to do in the event of an emergency, and to strengthen our organizational structure so that directors and division heads can make quick decisions.
2. Risk Management Training to Raise the Organization’s Overall Sensitivity to Risks
1) Specific Theme Training for All Employees
As part of the risk management training program, this training is conducted annually for all employees on important topics, such as compliance, information security, and human rights, through e-learning and other measures.
2) Stratified Training
We conduct stratified training programs for new employees, newly appointed managers, and employees on secondment both in Japan and overseas. These are designed to enhance participants’ awareness and understanding of the risk management required for their specific roles.
3. Initiatives to Root the Culture throughout the Workplace
In addition to the company-wide training, the TOTO Group Business Conduct Guidelines, which open with a message from the president, are distributed to employees. This is to ensure that every frontline employee considers risks as their own issue and fully understands the code of conduct. Each workplace has opportunities for group readings of the Guidelines to further deepen understanding.
お気に入りに保存しました